70-414 microsoft

http://www.gratisexam.com/

70-414 microsoft

Number: 2.0Passing Score: 800Time Limit: 120 min


Sections1. Contoso, Ltd Case A2. Proseware Inc3. Northwind Traders4. A.Datum Corporation5. Contoso Ltd Case B6. Contoso Ltd Case C7. Contoso Ltd Case D8. Yes/No9. Drag & Drop10.Hotspot11.Assertion & Reason12.Multiple Choice


Testlet 1

Topic 1: Contoso, Ltd Case A No. of Questions: 12

Overview

Contoso, Ltd., is a recruiting and staffing company that has offices throughout North America.

The company has a main office and six branch offices.

The main office is located in Miami.

The branch offices are located in New York, Seattle, Los Angeles, Montreal, Toronto, and Vancouver.

Existing Environment

Network Infrastructure:

The network contains one Active Directory domain named contoso.com.

The main office has the following servers:

One file server that maintains multiples sharesTwo domain controllers configured as DNS serversOne Windows Server Update Services (WSUS) serverTwo DHCP servers that each have a scope for all of the subnetsTwo servers that have Failover Clustering configured and are used as virtualization hostsOne server that has Microsoft SQL Server 2012 installed and maintains a customer relationship management (CRM) database

Each branch office has the following servers:

One domain controller configured as a DNS serverOne DHCP server that has a single scope for its respective office

Each office has a single subnet. The network speed of the local area network (LAN) is 1 gigabit per second. All of the offices have a high-speed connection to the Internet. The offices connect to each other by using VPN appliances.

Current Issues:

Users report that it can take a long time to download files from network shares in the main office.

A root cause analysis identifies that network traffic peaks when the users experience this issue.


Requirments

Planned Changes:

The company plans to implement the following changes:

Replace all of the domain controllers with new servers that run Windows Server 2012.Upgrade the CRM application to use a web-based application that connects to the current CRM database.

The web application will store session data in the memory of each web server.Initially, deploy two front-end web servers to two virtual machines. Additional virtual web servers will be deployed in the future.Monitor the availability of the CRM application and create alerts when the overall availability is less than 99 percent.Implement Microsoft System Center 2012 to manage the new environment.

Business Requirements:

The company identifies the following business requirements:

Minimize hardware costs and software costs whenever possible.Minimize the amount of network traffic over the VPN whenever possible.Ensure that the users in the branch offices can access files currently on the main office file server if an Internet link fails.

Technical Requirements:

The company identifies the following technical requirements:

Provide a highly available DHCP solution.Maintain a central database that contains the security events from all of the servers. The database must be encrypted.Ensure that an administrator in the main office can manage the approval of Windows updates and updates to third-party applications for all of the users.Ensure that all of the domain controllers have the ReliableTimeSource registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters set to 1, even if an administrator changes that value manually.

Virtualization Requirements:

The company identifies the following virtualization requirements:

Minimize the number of permissions and privileges assigned to users.Ensure that the members of a group named Group2 can add a WSUS server to the fabric.Ensure that a diagram view of the virtualization environment can be generated dynamically.Minimize the amount of administrative effort required to manage the virtualization environment.Prevent the failure of a front-end web server from affecting the availability of the CRM application.Ensure that the members of a group named Group1 can create new virtual machines in the Los Angeles office only.Only create virtual machine templates by using objects that already exist in the System Center 2012 Virtual Machine Manager (VMM) library.On the failover cluster in the main office, apply limited distribution release (LDR) updates to the virtualization hosts without disrupting the virtual machines hostedon the virtualization hosts.


QUESTION 1You need to recommend an automated remediation solution for the ReliableTimeSource registry value.

The solution must meet the technical requirements.

What should you include in the recommendation?

A. A System Center 2102 Configuration Manager configuration baseline.

B. A System Center 2012 Operations Manager performance counter rule.

C. A System Center 2012 Configuration Manager maintenance task.

D. A System Center 2012 Operations Manager event rule.

Correct Answer: ASection: [none]Explanation

Explanation/Reference:

29/11/2015 // Checked

http://technet.microsoft.com/en-US/library/gg682106.aspx

QUESTION 2You need to recommend a solution for deploying the web servers for the CRM application.

The solution must meet the visualization requirements.




A. Network Load Balancing (NLB) without affinity

B. Failover Clustering with one active node

C. Failover Clustering with two active nodes

D. Network Load Balancing (NLB) with client affinity

Correct Answer: DSection: [none]Explanation


29/11/2015 // Checked

Explanation:

http://technet.microsoft.com/library/hh831698

QUESTION 3You need to recommend a solution that manages the security events.



Which configuration should you include in the recommendation?

A. Object access auditing by using a Group Policy object (GPO)

B. Event rules by using System Center 2012 Operations Manager

C. Event forwarding by using Event Viewer

D. Audit Collection Services (ACS) by using System Center 2012



Checked 06/12/2015

The section Technical Requirements states that it should be implemented and maintained a central database of the entries in the security logs of all servers. Thedatabase must be encrypted. Use the Audit Collection Services (ACS) System Center 2012 - Operations Manager allows you to records that were generated by anaudit policy capture, and store them in a centralized database. If an audit policy is installed on a Windows computer, this computer stores by default andautomatically all generated by the audit policy events in the local Security log. This applies to all Windows workstations and also on all servers. In companies withstringent security requirements audit policies can generate large amounts of events quickly. Using ACS, organizations can consolidate individual Security logs into acentrally managed database and filter events with the data analysis and reporting tools provided by Microsoft SQL Server and analyze. With ACS, only a user,expressly the right to access the ACS database has been granted, run queries and create reports on the collected data.

QUESTION 4You are planning the delegation for the virtualization environment.

The delegation must meet the virtualization requirements.

Which user role profile should you select for Group2?

A. Delegated Administrator

B. Read-Only Administrator

C. Administrators

D. Self-Service User

Correct Answer: CSection: [none]Explanation



29/11/2015 // Checked

http://technet.microsoft.com/en-us/library/gg696971.aspx

QUESTION 5You need to recommend a solution for updating the virtualization hosts. The solution must meet the visualization requirements.


A. Cluster-Aware Updating

B. WSUS

C. System Center Updates Publisher 2011

D. System Center 2012 Configuration Manager



29/11/2015 // CheckedExplanation:


QUESTION 6You need to create a virtual machine template for the web servers used by the CRM application.

The solution must meet the virtualization requirements.

What should you use?

A. An .iso image

B. A virtual machine

C. A Windows PowerShell script

D. A virtual hard disk (VHD)



29/11/2015 // Checked


Explanation:


http://technet.microsoft.com/en-us/library/bb740838.aspx

QUESTION 7You need to recommend a solution that meets the technical requirements for DHCP.

What should you include in the recommendation for each office?

A. Network Load Balancing (NLB)

B. DHCP failover

C. DHCP server policies

D. IP Address Management (IPAM)

Correct Answer: BSection: [none]Explanation


29/11/2015 // Checked

Explanation:

http://technet.microsoft.com/en-us/library/jj200226.aspx


QUESTION 8You are planning the deployment of System Center 2012 Virtual Machine Manager (VMM).

You need to identify which additional System Center 2012 product is required to meet the visualization requirements.


A. System Center 2012 Service Manager

B. System Center 2012 Operations Manager

C. System Center 2012 Configuration Manager

D. System Center 2012 App Controller



29/11/2015 // Checked

Explanation:

certbase notes:In the section infrastructure requirements for virtualizing the following, crucial requirement is: It must be possible to dynamically generate a diagrammatic viewof the virtualization environment.

You can System Center 2012 - Virtual Machine Manager connect (VMM) with Operations Manager integrity and availability of the managed by VMM virtual


machines and virtual machine hosts to monitor.

You can also monitor and display using the Operations Console in Operations Manager diagram views of the virtualized environment integrity and availability of theVMM management server, the VMM database server, the library server and the VMM Self-Service Portal Web server.


QUESTION 9You need to recommend a solution that resolves the current file server issue.

The solution must meet the business requirements.


A. Distributed File System (DFS)

B. BranchCache in distributed cache mode

C. BranchCache in hosted cache mode

D. A storage pool



29/11/2015 // Checked

Explanation:

Scenarios for Using DFS By using from DFS-N and DFS Replication, your organization can benefit from several implementation scenarios including:

- Sharing files across branch offices - Data collection - Data distribution - Sharing Files Across Branch Offices

Organizations with multiple physical offices tend to share files or collaborate between offices. You can use DFS Replication to replicate files between these offices, or from branch offices to a hub site. This form of replication helps reduce wide area network (WAN) traffic, and provides high availability should a WAN link or a server fail. DFS Replication ensures that when changes are made to a file, the changes are replicated to all other sites by using delta replication.


QUESTION 10You need to recommend a solution for managing updates.

The solution must meet the technical requirements. What should you include in the recommendation?


A. A System Center 2012 Configuration Manager management point in the main office and a System Center 2012 Configuration Manager distribution point in eachoffice.

B. A System Center 2012 Configuration Manager management point in the main office and a WSUS downstream server in each office.

C. A System Center 2012 Configuration Manager software update point in the main office and a System Center 2012 Configuration Manager distribution point ineach office.

D. A WSUS upstream server in and a WSUS downstream server in each office.



29/11/2015 // Checked


notes:

The section Technical Requirements states:

An administrator of the main office has Windows updates and updates for third-party applications can be approved for all users.

The free Windows Server Update Services (WSUS) enables the distribution of Microsoft Updates. The distribution of updates for third-party software provider is alsolimited only right on the WSUS API is possible.

With the System Center 2012 Configuration Manager, a solution is available that meets all Anfordeurngen justice. In Configuration Manager site system roles areused to manage operations to support at the individual sites.

When you install a Configuration Manager site some site system roles are automatically installed and assigned to the server on which Configuration Manager Setuphas completed successfully.

One of these site system roles, the location server that can not be transferred or removed to another server without uninstalling the location. You can use otherservers to perform additional site system roles or assign some site system roles from the site server by installing Configuration Manager site system server andconfigure. From each site system role certain administrative functions are supported.

System Center 2012 Configuration Manager management point

About this site system role, information on policies and duty stations for clients provided, and go with her configuration data of clients a.

System Center 2012 Configuration Manager Distribution Point This is a site system role with source files that can be downloaded from clients, including application content, software packages, software updates, operatingsystem images and boot images.

System Center 2012 Configuration Manager Software Update Point This site system role is integrated into Windows Server Update Services (WSUS) to provide Configuration Manager client software updates.

http://technet.microsoft.com/en-US/library/gg682106.aspx

QUESTION 11You need to ensure that Group1 can perform the required tasks.

The solution must meet the visualization requirements.

What should you create?


A. A collection

B. A host group

C. An organizational unit (OU)

D. A site




Notes:

The section demands on infrastructure for virtualization contains the following relevant requirements:

The members of a group named Group1 must have the possibility, at the Linz site new virtual machines (VMs) to create. At other sites, they may not create newVMs can.

You can create custom groups of virtual machine hosts create so-called host groups to group hosts and their virtual machines useful. For example, you might create a host group for each branch of your organization. Using host groups, you can also reserve resources on a host for use by the host


operating system.

Host groups are in the navigation pane in the View hosts and in the view of virtual machines displayed as folders and can also serve as part of the delegation ofpermissions as a base.


QUESTION 12You need to create a service template for the web servers used by the CRM application.

What should you include in the service template?


A. A VIP template

B. A host profile

C. Guest OS profile

D. A capability profile





http://technet.microsoft.com/library/gg610569.aspx


Testlet 1

Topic 2: Proseware Inc

No. of Questions: 9

Overview

Proseware Inc., is a manufacturing company that has 4,000 employees.Proseware works with a trading partner named Fabrikam, Inc.

Existing Enviornmnet

Physical Location:

Proseware has a main office and two branch offices.

The main office is located in London. The branch offices are located in Madrid and Berlin.

Proseware has a sales department based in the London office and a research department based in the Berlin office.The offices connect to each other by using a WAN link. Each office connects directly to the Internet.Proseware rents space at a hosting company. All offices have a dedicated WAN link to the hosting company. Web servers that are accessible from the Internet are located at the hosting company.

Active Directory:

The Proseware network contains an Active Directory forest named proseware.com.

The forest contains a single domain. The forest functional level is Windows Server 2012.Each office contains three domain controllers. An Active Directory site is configured for each office.System state backups are performed every day on the domain controllers by using System Center 2012 R2 Data Protection Manager (DPM).

Virtulization:

Proseware has Hyper-V hosts that run Windows Server 2012 R2. Each Hyper-V host manages eight to ten virtual machines. The Hyper-V hosts are configured as shown in the following table.


All of the Hyper-V hosts store virtual machines on direct-attached storage (DAS).

Servers:

All servers run Windows Server 2012 R2. All of the servers are virtualized, except for the Hyper- V hosts.VDI1 and VDI2 use locally attached storage to host virtual hard disk (VHD) files. The VHDs use the .vhd format.

A line-of-business application named SalesApp is used by the sales department and runs on a server named APP1. APP1 is hosted on HyperV2.

A server named CA1 has the Active Directory Certificate Services server role installed and is configured as an enterprise root certification authority (CA) named ProsewareCA.Ten load-balanced web servers hosted on HyperV7 and HyperV8 run the Internet-facing web site that takes orders from Internet customers.

System Center 2012 R2 Operations Manager is used to monitor the health of the servers on the network.All of the servers are members of the proseware.com domain, except for the servers located in the perimeter network.

Client Computers:

All client computers run either Windows 8.1 or Windows 7. Some of the users in the London office connect to pooled virtual desktops hosted on VDI1 and VDI2.

Problem Statements:

Proseware identifies the following issues on the network:

Virtualization administrators report that the load on the Hyper-V hosts is inconsistent.

The virtualization administrators also report that administrators fail to account for host utilization when creating new virtual machines.


Users in the sales department report that they experience issues when they attempt to access SalesApp from any other network than the one in the London office.Sometimes, configuration changes are not duplicated properly across the web servers, resulting in customer ordering issues. Web servers are regularly changed.Demand for virtual desktops is increasing. Administrators report that storage space is becoming an issue as they want to add more virtual machines.

In the past, some personally identifiable information (PII) was exposed when paper shredding procedures were not followed.

Requirements

Planned Changes:

Proseware plans to implement the following changes on the network:

Implement a backup solution for Active Directory.Relocate the sales department to the Madrid office.Implement System Center 2012 R2 components, as required.Protect email attachments sent to Fabrikam that contain PII data so that the attachments cannot be printed.Implement System Center 2012 R2 Virtual Machine Manager (VMM) to manage the virtual machine infrastructure. Proseware does not plan to use private cloudsin the near future.Deploy a new Hyper-V host named RESEARCH1 to the Berlin office. RESEARCH1 will be financed by the research department. All of the virtual machinesdeployed to RESEARCH1 will use VMM templates.

Technical Requirenments:

Proseware identifies the following virtualization requirements:

The increased demand for virtual desktops must be met.Once System Center is deployed, all of the Hyper-V hosts must be managed by using VMM.If any of the Hyper-V hosts exceeds a set number of virtual machines, an administrator must be notified by email.Network administrators in each location must be responsible for managing the Hyper-V hosts in their respective location. The management of the hosts must beperformed by using VMM.The network technicians in each office must be able to create virtual machines in their respective office.The network technicians must be prevented from modifying the host server settings.New virtual machines must be deployed to RESEARCH1 only if the virtual machine template used to create the machine has a value specified for a customproperty named CostCenter' that matches Research'.

The web site configurations must be identical on all web servers.

Security Requirenments:

Proseware identifies the following security requirements:

All email messages sent to and from Fabrikam must be encrypted by using digital certificates issued to users by the respective CA of their company. No othercertificates must be trusted between the organizations.Microsoft Word documents attached to email messages sent from Proseware to Fabrikam must be protected.Privileges must be minimized, whenever possible.


QUESTION 1You are evaluating the use of VMM to migrate APP1 for the sales users.

You need to identify the effects of the migration.

What should you identify?


A. The VHDs and the virtual machine configuration files will move. The sales users' access to APP1 will be interrupted.

B. The VHDs will move but the virtual machine configuration files will remain in the original location.The sales users will continue to have uninterrupted access to APP1.

C. The virtual machine configuration files will move but the VHDs will remain in the original location.The sales users' access to APP1 will be interrupted.

D. The VHDs and the virtual machine configuration files will move. The sales users will continue to have uninterrupted access to APP1.



01/12/2015 // Checked

The sales department uses an industry-specific application named SallesApp. The application runs on a server named App1.

In section Planned changes it says.

The sales department will be relocated to the Madrid location in the section Problem Reports states:

The Sales Department report that problems arise when they are out access to another network than the of London on the SallesApp.

Virtual Machine Manager (VMM) in System Center 2012 R2 provides support for migrations between standalone Hyper-V hosts or hosts in a cluster.


If the resource files of a VM in an SMB 3.0 file sharing are stored, the virtual disks and configuration files without interrupting the operation of the virtual machinecan be moved from one host to another host.

NEED TO FIND A ENG VERSION :)

QUESTION 2You need to recommend a design that meets the technical requirements for managing the Hyper-V hosts by using VMM.

What should you recommend? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:


Section: [none]Explanation


01/12/2015 // Checked

Problem Statements

The network administrators at each site shall be responsible for the Hyper-V hosts within its site. Are used for managing the hosts must Virtual Machine Manager(VMM).The network engineers at each site must be given the ability to create virtual machines at their location.The network engineers must be prevented from changing settings in the Hyper-V host server.

For the Hyper-V host research1 a separate host group may have to be created in order to apply a custom placement rule can. The host research1 located but inBerlin and is not relevant here. Description of the user roles in VMM The following are the functions of the individual user roles in VMM summarized.


Administrator - members of the user role "Administrators" can be used for all objects that are managed by VMM, run all administrative actions.

Fabrican Administrator (delegated administrator) - members of the user role "delegated administrator" can perform all administrative tasks within their assignedhost groups and library servers Clouds, one exception is the addition of XenServer and adding WSUS servers. Delegated administrators can not change the VMMsettings and add any members of the user role "Administrators" or remove.

Administrator with read permission - Administrators with read permission, properties, status and job status of objects within their assigned host groups andlibrary servers Clouds View, however, it is not possible for you to change the properties. Administrators with read permissions can also view Run As Accounts thathave been specified by administrators or delegated administrators for the role of administrators with read permission.

Tenant Administrator - members of the user role "tenant administrator" to manage self-service users and VM networks. Client administrators can create on theVMM console or a Web portal their own virtual machines and services, deploy and manage. You may also possible to specify the tasks that self-service users canperform on their virtual machines and services, and to set quotas for computer resources and virtual machines.

Application Administrator (self-service user) - Members of the role "self-service user" can create on the VMM console or a Web portal their own virtual machinesand services, deploy and manage.

QUESTION 3You need to recommend changes to the existing environment to meet the PII requirement.

What should you recommend?

A. In the Default Domain Policy, configure auto-enrollment for the S/MIME certificates from ProsewareCA.

B. Create an AD RMS cluster in Proseware, and then provision the user accounts in Proseware for the Fabrikam users.

C. Configure Active Directory Federation Services (AD FS) in Fabrikam, and then install a web application proxy in Proseware.

D. In the Default Domain Policy, configure auto-enrollment for the S/MIME certificates from FabrikamCA.



01/12/2015 // Checked

Notes:

Regarding personal data the section contains Planned changes include

file attachments to e-mail messages that contain personally identifiable information and are sent to employees of Fabrikam, are to be protected so that they can notbe printed.


In the Active Directory -Rechteverwaltungsdiensten (AD RMS - Active Directory Rights Management Services) is an information protection technology that protectsdigital information in conjunction with AD RMS-enabled applications from unauthorized use. Content owners can define who can open the information, change, print,or forward or perform other actions with the information.

QUESTION 4You need to implement a solution for the email attachments.

Both organizations exchange root CA certificates and install the certificates in the relevant stores.

You duplicate the Enrollment Agent certificate template and generate a certificate based on the new template.

Which additional two actions should you perform? Each Answer presents part of the solution.

A. Request cross-certification authority certificates.

B. Create Capolicy.inf files.

C. Request subordinate CA certificates.

D. Create Policy.inf files.

Correct Answer: ADSection: [none]Explanation


01/12/2015 // Checked

In the section safety requirements states that all e-mail messages that are sent to the Fabrikam or received by the Fabrikam must be encrypted with a digitalcertificate that users issued by a certification body of their respective companies. Other certificates can not be trusted between the two companies. Using crosscertificates is a trust relationship between separate certification hierarchies prepared for. B. in separate networks or parts of a network. The purpose of such trust is,inter alia, that can be limited, which is trusted certificates. The client should not rely on a lump sum all the certificates of other CA according to the safetyrequirements. Cross certificates are typically configured for the following purposes:

Define the namespaces for use issued in a certification hierarchy and certificates may be accepted in the second hierarchy.Specify the acceptable uses of by a cross-certified CA (Certification Authority, CA) issued certificates.Define the exhibition practices that must be followed for a document issued by a cross-certified CA certificate so that this is considered as valid in the otherhierarchy.

Creating a managed trust between separate certification hierarchies.Policy.inf files of cross-certification between two CAs are used to describe the limitations of the trust under. With a CAPolicy.inf configuration settings can bespecified, which normally can not be configured during installation of the certification authority. The file must be created before installing Certificate Services. Formore information on the topic, see the following TechNet blog article Constraints: What They are and how they 're used and in the following Articles of


WindowsITPro.com: CA Trust Relationships in Windows Server 2003 PKI

http://windowsitpro.com/security/ca-trust-relationships-windows-server-2003-pki

QUESTION 5You need to ensure that RESEARCH1 only contains the required virtual machines.

What should you do?

A. Create an availability set.

B. Create a custom placement rule.

C. Set RESEARCH1 as a possible owner.

D. Set RESEARCH1 as a preferred owner.



01/12/2015 // Checked

The section Technical Requirements contains the following relevant point:.

New Virtual Machine may only be provided on research1 when the template used in a custom property named cost center contains the value of research in VirtualMachine Manager (VMM) can create custom properties create and host servers, virtual machines and virtual machine templates are assigned.

Using custom rules can then placing a rule can be created based on the assigned properties, which prescribes that the host server and the virtual machine ortemplate to a virtual machine must have the same value for a particular property. With deviating values, the VM can then not running on the virtualization host or notprovided. Placement rules are configured in the properties of the host groups.

In the following example, the host server and virtual machine must have the same value for the property Custom1 exhibit.

Otherwise, the virtual machine is blocked on the host: VMM Availability sentences serve to define virtual machines (VMs) to be hosted by VMM on separate hosts toimprove service continuity.

The answers C and D relate to configuration settings of a failover cluster. In research1 is a single host.




QUESTION 6You need to recommend changes to the existing environment to meet the web server requirement.

Which two actions should you recommend? Each Answer presents part of the solution.


A. On one web server, run the Start-DSCConfiguration cmdlet. Create and run a configuration script.

B. On all of the web servers, install the Windows PowerShell Web Access feature, and then run the Set-DscLocalConfigurationManager cmdlet.

C. On all of the web servers, configure the Local Configuration Manager settings, and then run the Set-DscLocalConfigurationManager cmdlet.

D. On one web server, install the Windows PowerShell Desired State Configuration (DSC) feature.Create and run a configuration script.

Correct Answer: CDSection: [none]Explanation


01/12/2015 // Checked

Problem Statements States:

Sometimes configuration changes are not transmitted correctly on all web servers of the Web server farm. This leads to problems in customers' orders.

The web server will be changed regularly. Desired Configuration State (DSC) is a new feature of Windows PowerShell 4.0 or the Windows Management Framework4.0. It makes it possible to describe the desired configuration of one or more computers (nodes) in a configuration file and then apply via PowerShell cmdlet on oneor more computers.

By applying the configuration file to configure the computer is adapted to the settings described in the file. The Local Configuration Manager is a service of thedesired state Configuration (DSC) with which to automate the retrieval and applying a configuration.

QUESTION 7You need to recommend a monitoring solution for Proseware.

Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area andarrange them in the correct order.

Select and Place:


Correct Answer:




01/12/2015 // Checked

The section Technical Requirements contains the following relevant requirements:

If any of the Hyper-V hosts exceeds a predetermined number of running virtual machines, an administrator via e-mail must be notified.

You can System Center 2012 - Virtual Machine Manager (VMM) with . Connect Operations Manager to monitor integrity and availability of the managed by VMMvirtual machines and virtual machine hosts

Integrating Operation Manager in Virtual Machine Manager takes place in the System Center VMM console settings:



QUESTION 8You need to recommend changes to the existing environment to meet the email requirement.


A. Implement a two-way forest trust that has selective authentication.

B. Implement qualified subordination.

C. Deploy the FabrikamCA root certificate to all of the client computers.

D. Deploy a user certificate from FabrikamCA to all of the users.



01/12/2015 // Checked

In the section safety requirements states that all e-mail messages that are sent to the Fabrikam or received by the Fabrikam must be encrypted with a digitalcertificate that users issued by a certification body of their respective companies. Other certificates can not be relied upon in relation to the e-mail encryptionbetween the two companies. Using qualified subordination, you can for subordinate CAs place restrictions on the issue of the certificate and specify use restrictionsissued by those CAs certificates.

With qualified subordination, you can align subordinate CAs to specific certification requirements and the Public Key Infrastructure Public Key Infrastructure (PKI)more efficiently manage. You can also use qualified subordination establish trust between CAs in separate trust hierarchies. This type of trust relationship is alsocalled cross-certification. With this trust relationship, qualified subordination is not limited to subordinate CAs. Trusts between hierarchies may be established inanother hierarchy by using a subordinate CA in one hierarchy and the root certification authority.

QUESTION 9You need to recommend changes to the virtual desktop infrastructure (VDI) environment.


A. Implement Hyper-V replication between VDI1 and VDI2.

B. Create new VDI virtual machines that are Generation 2 virtual machines.

C. Convert the existing VHDs to .vhdx format.

D. Move the VHDs to a Cluster Shared Volume (CSV) and implement Data Deduplication on the CSV.




01/12/2015 // Checked

Problem Statements States:

The need for virtual desktops is increasing steadily. The administrators reported that bottlenecks occur during storage in the provision of additional virtualmachines.

The deduplication enables a very effective optimization of memory usage and reducing the space used -. In selecting the right data by 50% to 90%

From Windows Server 2012 R2 supports data deduplication and virtual hard disks (VHDs) a virtual desktop infrastructure (VDI). On Windows Server 2012deduplication for VHDs could not be used in a virtual desktop infrastructure.



Testlet 1

Topic 3: Northwind Traders

No. of Questions: 10

Overview

Northwind Traders is an IT services and hosting provider.

Northwind Traders has two main data centers in North America. The data centers are located in the same city. The data centersconnect to each other by using high-bandwidth, low-latency WAN links. Each data center connects directly to the Internet.

Northwind Traders also has a remote office in Asia that connects to both of the North American data centers by using a WAN link. TheAsian office has 30 multipurpose servers.

Each North American data center contains two separate network segments. One network segment is used to host the internal serversof Northwind Traders. The other network segment is used for the hosted customer environments.

Existing Enviornment

Active Directory:

The network contains an Active Directory forest named northwindtraders.com. The forest contains a single domain. All servers runWindows Server 2012 R2.

Server Enviornment:

The network has the following technologies deployed:

Service Provider FoundationWindows Azure Pack for Windows ServerSystem Center 2012 R2 Virtual Machine Manager (VMM)An Active Directory Rights Management Services (AD RMS) clusterAn Active Directory Certificate Services (AD CS) enterprise certification authority (CA)

All newly deployed servers will include the following components:

Dual 10-GbE Remote Direct Memory Access (RDMA)-capable network adaptersDual 1-GbE network adapters


128 GB of RAM

Requirments

Business Goals:

Northwind Traders will provide hosting services to two customers named Customer1 andCustomer2.

The network of each customer is configured as shown in the following table.

Planned Changes:

Northwind Traders plans to implement the following changes:

Deploy System Center 2012 R2 Operations Manager.Deploy Windows Server 2012 R2 iSCSI and SMB-based storage.Implement Hyper-V Recovery Manager to protect virtual machines.Deploy a certificate revocation list (CRL) distribution point (CDP) on the internal network.For Customer 1, install server authentication certificates issued by the CA of Northwind Traders on the virtual machine in the hostingnetworks.

General Requirements:

Northwind Traders identifies the following requirements:

Storage traffic must use dedicated adapters.All storage and network traffic must be load balanced.The amount of network traffic between the internal network and the hosting network must be minimized.The publication of CRLs to CDPs must be automatic.


Each customer must use dedicated Hyper-V hosts.Administrative effort must be minimized, whenever possible.All servers and networks must be monitored by using Operations Manager.Anonymous access to internal file shares from the hosting network must be prohibited.All Hyper-V hosts must use Cluster Shared Volume (CSV) shared storage to host virtual machines.All Hyper-V storage and network traffic must remain available if single network adapter fails.The Hyper-V hosts connected to the SMB-based storage must be able to make use of the RDMA technology.The number of servers and ports in the hosting environment to which the customer has access must be minimized.

Customer1 Requirements:

Northwind Traders identifies the following requirements for Customer1:

Customer1 must use SMB-based storage exclusively.Customer1 must use App Controller to manage hosted virtual machines.The virtual machines of Customer1 must be recoverable if a single data center fails.Customer1 must be able to delegate self-service roles in its hosted environment to its users.Customer1 must be able to check for the revocation of certificates issued by the CA of Northwind Traders.The users of Customer1 must be able to obtain use licenses for documents protected by the AD RMS of Northwind Traders.Certificates issued to the virtual machines of Customer1 that reside on the hosted networks must be renewed automatically.

Customer2 Requirements:

Northwind Traders identifies the following requirements for Customer2:

Customer2 must use iSCSI-based storage exclusively.All of the virtual machines of Customer2 must be migrated by using a SAN transfer.None of the metadata from the virtual machines of Customer2 must be stored in Windows Azure.The network configuration of the Hyper-V hosts for Customer2 must be controlled by using logical switches.The only VMM network port profiles and classifications allowed by Customer2 must be low-bandwidth, medium-bandwidth, or high-bandwidth.The users at Northwind Traders must be able to obtain use licenses for documents protected by the AD RMS cluster of Customer2.Customer2 plans to decommission its AD RMS cluster during the next year.

QUESTION 1You need to recommend a network configuration for the newly deployed Hyper-V hosts used by Customer1.

On which network adapter should you recommend performing each configuration? To answer, select the appropriate network adapter for each configuration in theanswer area.



Hot Area:

Correct Answer:




01/12/2015 // Checked

All newly installed server contains a dual-port 10GbE network adapters with support for Remote Direct Memory Access (RDMA) and a dual-port 1 GbE networkadapter. See the section General requirements states that:

Access the Hyper-V hosts to the storage and network traffic with the virtual machines must be possible even if a single network adapter.The need to use Hyper-V hosts that are SMB-based storage Remote Direct Memory Access (RDMA) can use technology.

Windows Server 2012 includes the new feature "SMB Direct", which supports the use of network adapters with function for direct remote memory access (RemoteDirect Memory Access, RDMA). Network adapters with RDMA can at maximum speed to work with very low latency - and the CPU usage at very low. For workloadssuch as Hyper-V or Microsoft SQL Server, this means that a remote file server is equivalent to a local store. "SMB Direct" features

Increased throughput: uses the entire throughput of high-speed networks, the network adapter coordinate the transfer large amounts of data at the transfer rateof the line.Low latency: provides extremely fast responses to network requirements and consequently aroused the impression that the remote storage of files is just likesaving a block storage directly connected.Low CPU usage: used in data transmission over the network CPU cycles, thereby maintaining more power reserves for server applications.


"SMB Direct" 2012 will be configured automatically by Windows Server. "SMB Multichannel" and "SMB Direct" When "SMB Multichannel" is the feature fordetecting the RDMA function of network adapters to enable "SMB Direct".

Without "SMB Multichannel," used SMB regular TCP / IP for RDMA-capable network adapter (all network adapters provide along with the new RDMA stack a TCP /IP stack available). With "SMB Multichannel" recognizes SMB whether a network adapter on the RDMA function features.

Subsequently, several RDMA connections for that one session be made (two per port). This enables the use of SMB high throughput, low latency and low CPUutilization that can offer RDMA-capable network adapters. The feature also provides a fault tolerance, if you use multiple RDMA interfaces.

Important:

You should not be summed up in teams RDMA-capable network adapters if you want to use the RDMA function of the network adapter. In a summary in theteam network adapters do not offer RDMA support.After at least one RDMA network connection was created that used for the original protocol negotiation TCP / IP connection is no longer used. In the event thatthe RDMA network connections fail, the TCP / IP connection remains applicable.

QUESTION 2You need to recommend which setting must be applied to the virtualization infrastructure of Northwind Traders to minimize the impact of multiplevirtual machines starting concurrently.

What command should you recommend running? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:




01/12/2015 // Checked

In the section General requirements states that all Hyper-V hosts must use for hosting virtual machines Cluster Shared Volumes (Cluster Shared Volumes, CSVs).

In order to improve the performance of Cluster Shared Volumes in termsworkloads with intensive read accesses the CSV Cache be increased for each node ofthe cluster. By default, the cache with 0 MB is determined by the following call to the cache with 8192 MB is specified:

For Windows Server 2012 R2:(Get-Cluster) .BlockCacheSize = 8192

For Windows Server 2012:(Get-Cluster).SharedVolumeBlockCacheSizeInMB = 8192

In the following TechNet article for more information on the topic:

https://technet.microsoft.com/en-gb/library/jj612868.aspx

QUESTION 3You need to recommend a configuration for the CA extensions of Northwind Traders that meets the certificate revocation requirement of Customer1.

What should you recommend? To answer, select the appropriate prefix of the target location for the each extension settings in the answer area.

Hot Area:


Correct Answer:



01/12/2015 // Checked

In the section requirements of Customer1 states: Customer1 must be able to check the revocation status of certificates, issued by the Northwind Traders.

The CRLs of Devtec GmbH can by activating the option CRLs published at this location for a location type file: // will be published in a directory that is accessiblethrough a web server. By activating the option in the CDP extension of issued certificates include a matching http: // URL, the information for the retrieval of therevocation list are directly integrated into the certificates.

QUESTION 4


You need to prepare for the migration of virtual machines across the Hyper-V hosts of Customer2.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in thecorrect order.

Select and Place:

Correct Answer:




01/12/2015 // Checked

In the section requirements of Customer2 states:

For the migration of virtual machines (VMs) from Customer2 to use the direct transfer between Storage Area Networks (SANs).

System Center 2012 R2 Virtual Machine Manager provides support for Offloaded Data Transfer ( OXD). . Through ODX VMs can be much faster from a library toprovide as with earlier versions

To use ODX the following requirements must be met:

Hardware:

Storage Array with ODX support (iSCSI, FC, FCoE, or SAS)

Software:


Windows Server 2012 or Windows Server 2012 R2File system: NTFSFiles must be greater than 256 KB

Hyper-V:

To use ODX within a VM, must be fulfilled one of the points:

VHD / VHDX files of VM must be on an ODX-enabled LUN.ODX capable iSCSI LUN that is connected to the iSCSI initiator directly to the VM.ODX-capable Fibre Channel LUN, which is connected to the virtual FC adapter directly to the VM.

SMB 3.0 release, which lies on a ODX capable storage array.As part of the preparation, it is important to involve the storage array in VMM. In the first step the array multipath support on the Hyper-V hosts must be involved(Action 3).

Following it can be added to the fabric settings VMM. After the storage array has been added to the fabric settings VMM, the iSCSI array can in the properties of ahost or a host group in the section memory is selected and added (Action 2). After adding the array then individual disks in the array can be hinzugeügt (Action 4).The figure shows the properties of a Hyper-V cluster node named VH1.

The cluster is added to an iSCSI storage array. The disk Physicaldrive3 is a iSCSI disk, which is located on the array. In turn, the iSCSI disk containing a volumenamed iDaten1, which is assigned to the cluster as a shared cluster disk.


QUESTION 5You need to prepare the required Hyper-V virtual network components for Customer2.

Which four objects should you create and configure in sequence? To answer, move the appropriate objects from the list of objects to the answer area and arrangethem in the correct order.

Select and Place:


Correct Answer:



01/12/2015 // CheckedCertbase notes:



http://blogs.technet.com/b/scvmm/archive/2013/11/27/adopting-network-virtualization-part-ii.aspx

The network configuration of Hyper-V hosts of Customer2 must be controlled by logic switches. Logical switches contain configurations that hosts can be applied to virtual switches different Hyper-V.




The wizard for creating a logical Switches are the order of the objects to be created before:


QUESTION 6You need to recommend a solution that meets the AD RMS requirements of Customer1 and Customer2.

Which actions should you recommend performing for each customer? To answer, select the appropriate customer for each action in the answer area.

Hot Area:


Correct Answer:



01/12/2015 // Checked with certbase


https://technet.microsoft.com/en-us/library/cc755156.aspx


The user of Customer1 must be able to obtain operating licenses for documents that are protected by the AD RMS cluster the Northwind Traders.


The user of the Northwind Traders must be able to obtain operating licenses for documents that are protected by the AD RMS cluster of Customer2.

Customer2 plans to take his AD RMS cluster in the course of next year out of order. You can AD RMS Trust Policies create so that AD RMS can process licensingrequests for content that has been protected by another AD RMS cluster by rights. Trust Policies can be defined as follows:

Trusted User Domains

The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rightsaccount certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the ADRMS cluster to trust.

https://technet.microsoft.com/en-us/library/dd983944(v=ws.10).aspx

Trusted Publishing Domains


The addition of a trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMScluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust.

https://technet.microsoft.com/en-us/library/dd996639(v=ws.10).aspx

Windows Live ID Setting up a trust with Microsoft’s online RMS service allows an AD RMS user to send rights-protected content to a user with a Windows Live ID.The Windows Live ID user will be able to consume rights-protected content from the AD RMS cluster that has trusted Microsoft’s online RMS service, but theWindows Live ID user will not be able to create content that is rights-protected by the AD RMS cluster.

Microsoft Federation Gateway . Establishing a trust through the Microsoft Federation Gateway enables an AD RMS cluster to accept certification and licensingrequests from external organizations by accepting claims-based authentication tokens from the Microsoft Federation Gateway. In effect, the Microsoft FederationGateway acts as a trusted broker between the two organizations by verifying the identity of the two organizations in the transaction. Unlike a federated trust,establishing a trust relationship through Microsoft Federation Gateway does not require a forest in one organization to explicitly federate with a forest in the otherorganization. Instead, you can use filter lists to determine which domains can receive certificates or licenses from the AD RMS cluster.

The following diagram illustrates the flow of data between a remote user and an AD RMS cluster that is federated to the remote user’s forest.


QUESTION 7You need to recommend changes to allow Customer1 to delegate permissions in its hosting environment to its users.

Where should you recommend performing each task? To answer, select the appropriate location for each task in the answer area.

Hot Area:


Correct Answer:






Can delegate Customer1 must self-service user roles to his colleagues.

Applies To: System Center 2012 SP1 - Orchestrator, System Center 2012 R2 Orchestrator

Service providers can use Service Provider Foundation technology to offer infrastructure as a service (IaaS) to their clients. If a service provider has a front-endportal for clients to interact with, Service Provider Foundation makes it possible for the clients to access the resources on their hosting provider’s system withoutmaking changes to the portal.

The following illustration provides a high-level view of how Service Provider Foundation operates.

The tenant represents a hoster's customer, and the tenant has assets on the hoster's system. Each tenant has their own administrators, applications, scripts, andother tools.

The hoster provides tenants with the environment, which can include virtual machines. The hoster has an existing front-end portal, which all tenants can use. On theback end, the hoster has a collection of resources, which is called the fabric. The hoster allocates those resources into discrete groups according to the hoster’sneeds. Each of these groups is known as a stamp. The hoster can then assign the tenant’s resources to stamps in whatever manner is appropriate to the hoster.The resources may be divided across several stamps, according to the hoster’s business model scheme. Service Provider Foundation makes it possible for thehoster to present a seamless user experience to the tenant by aggregating the data from each stamp and allowing the tenant to use the Service ProviderFoundation application programming interfaces (APIs) to access that data.


A stamp in Service Provider Foundation is a logical scale unit designed for scalability that provides an association between a server and its System Center 2012Service Pack 1 (SP1) components. As tenant demand increases, the hoster provides additional stamps to meet the demand. Note that Service Provider FoundationSystem Center 2012 SP1 supported only one type of stamp; that is a single server that has Virtual Machine Manager (VMM) installed.

Service Provider Foundation does not configure clouds; instead, it manages their resources. Virtual machines are set to clouds, for example, when they are createdfor VMM or when they are created by the T:Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.New-SCVirtualMachine cmdlet.

The hoster can have a portal client, which faces the tenant, that provides access to the infrastructure that the hoster has granted. The portal uses an extensiblerepresentational state transfer (REST) API to communicate with the web service by using the OData protocol. The claims-based authentication verifies the tenant’sidentity and associates it with the user role that the hoster assigns.Service Provider Foundation uses a database to aggregate the tenant resources, which are managed with Windows PowerShell scripts and Orchestrator runbooks.This makes it possible for the hoster to distribute tenant resources among management stamps in whatever way it decides, while to the tenant the resources areeasy to access and appear contiguous.

https://technet.microsoft.com/en-us/library/jj642897.aspx

QUESTION 8You need to recommend a monitoring solution for Northwind Traders.


What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.


A. Three Operations Manager management servers and two Operations Manager gateway servers

B. One Operations Manager management server

C. Two Operations Manager management servers and three Operations Manager gateway servers

D. Five Operations Manager management servers



01/12/2015 // Checked

In the section General requirements states that

All servers and networks must be monitored by System Center 2012 R2 Operations Manager.

System Center 2012 – Operations Manager requires mutual authentication be performed between agents and management servers prior to the exchange ofinformation between them. To secure the authentication process between the two, the process is encrypted. When the agent and the management server reside inthe same Active Directory domain or in Active Directory domains that have established trust relationships, they make use of Kerberos V5 authenticationmechanisms provided by Active Directory. When the agents and management servers do not lie within the same trust boundary, other mechanisms must be used tosatisfy the secure mutual authentication requirement.

In Operations Manager, this is accomplished through the use of X.509 certificates issued for each computer. If there are many agent-monitored computers, this


results in high administrative overhead for managing all those certificates. In addition, if there is a firewall between the agents and management servers, multipleauthorized endpoints must be defined and maintained in the firewall rules to allow communication between them.

To reduce this administrative overhead, Operations Manager has a server role called the gateway server. Gateway servers are located within the trust boundary ofthe agents and can participate in the mandatory mutual authentication. Because they lie within the same trust boundary as the agents, the Kerberos V5 protocol forActive Directory is used between the agents and the gateway server. Each agent then communicates only with the gateway servers that it is aware of. The gatewayservers communicate with the management servers.

To support the mandatory secure mutual authentication between the gateway servers and the management servers, certificates must be issued and installed, butonly for the gateway and management servers. This reduces the number of certificates required, and in the case of an intervening firewall it also reduces thenumber of authorized endpoints to be defined in the firewall rules. The following illustration shows the authentication relationships in a management group using agateway server.

https://technet.microsoft.com/en-us/library/hh212823.aspx

QUESTION 9You plan to implement a solution that meets the certificate requirements of Customer1.

You need to identify which role services must be deployed to the hosting environment.

Which two role services should you identify? Each Answer presents part of the solution.

A. Certification Authority Web Enrollment

B. Online Responder

C. Certificate Enrollment Policy Web Service

D. Certificate Enrollment Web Service



01/12/2015 // Checked

The section demands of Customer1 contains the following two relevant points:

Customer1 must be able to check the revocation status of certificates, issued by the Northwind Traders.Certificates that have been issued for the virtual machines from Customer1 must be renewed automatically.


The Certificate Enrollment Policy Web Service is an Active Directory Certificate Services role service (Active Directory Certificate Services AD CS), which allowsusers and computers to retrieve information on the Certificate Enrollment Policy. Together with the Certificate Enrollment Web Service, this enables policy-basedcertificate enrollment when the client computer is not joined to a domain or if there is no connection with the domain for a domain member.

The Certificate Enrollment Policy Web Service uses the HTTPS protocol to pass information about certificate policy on network client computers , The Webservice calls by using the LDAP protocol from information about the certificate policy from Active Directory Domain Services (Active Directory Domain Services, ADDS) and stores the policy information for the processing of client requests between. In previous versions of AD CS could only domain client computers that use theLDAP protocol to access the information on the certificate policy.

Thus the issue of policy-based certificates is limited to the conditions laid down by the forests of the Active Directory Domain Services Trust boundaries. Thepublication of registration guidelines HTTPS enables the following new deployment scenarios:

Certificate enrollment across forest boundaries to reduce the number of certification bodies (Certification Authorities CAs) in an organization.Extranet deployment to issue mobile employees and business partners certificates.

QUESTION 10You need to implement a Hyper-V Recovery Manager solution in the hosting environment of Northwind Traders.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in thecorrect order.

Select and Place:


Correct Answer:




01/12/2015 // Checked

In the section Planned changes it says:

Windows Azure Hyper-V Recovery Manager should be used for the protection of virtual machines.

Windows Azure Hyper-V Restore Manager is a cloud-based service, the Hyper-V Replication features the Backing up virtual machines used in Windows Azure.Windows Azure Hyper-V Restore Manager is part of Microsoft Azure Site Recovery.



Microsoft Azure Site Recovery can protect virtual machines running on Hyper-V host servers which are located in VMM Clouds (System Center Virtual MachineManager) , Using Azure Site Recovery You can set up replication and failover between two local VMM servers or between a local VMM server and Microsoft Azure.

For more information on the topic, see the Deployment Guide for Windows Azure Site Recovery: Deploying Azure Site Recovery: Protection between local sites

https://azure.microsoft.com/en-us/documentation/articles/site-recovery-vmm-to-vmm/?cdn=disable


Testlet 1

Case Study 2: A. Datum

Overview

Datum Corporation is an accounting company.The company has a main office and two branch offices. The main office is located in Miami. Thebranch offices are located in New York and Seattle.

Existing Environment

Network InfrastructureThe network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2.The main office has the following servers and client computers:

- Two domain controllers configured as DNS servers and DHCP servers- One file server that has multiples shares- One thousand client computers that run Windows 7

Each branch office has the following servers and client computers:

- One domain controller configured as a DNS server and a DHCP server- Five hundred to 800 client computers that run Windows XP Each office has multiple subnets.

The network speed of the local area network (LAN) is 1 gigabit per second. The offices connect to each other by using a WAN link. The main office is connected tothe Internet.

Current IssuesThe WAN link between the Miami office and the Seattle office is a low bandwidth link with high latency. The link will not be replaced for another year.

Requirements

Application RequirementsThe company is developing an application named App1. App1 is a multi-tier application that will be sold as a service to customers.Each instance of App1 is comprised of the following three tiers:

- A web front end- A middle tier that uses Windows Communication Foundation (WCF)- A Microsoft SQL Server 2008 R2 database on the back end

Each tier will be hosted on one or more virtual machines. Multiple-tiers cannot coexist on the same virtual machine. When customers purchase App1, they canselect from one of the following service levels:


- Standard: Uses a single instance of each virtual machine required by App1. If a virtual machine become unresponsive, the virtual machine must be restarted.- Enterprise: Uses multiple instances of each virtual machine required by App1 to provide high-availability and fault tolerance.

All virtual hard disk (VHD) files for App1 will be stored in a file share. The VHDs must be available if a server fails.You plan to deploy an application named App2. App2 is comprised of the following two tiers:

- A web front end- A dedicated SQL Server 2008 R2 database on the back end

App2 will be hosted on a set of virtual machines in a Hyper-V cluster in the Miami office.The virtual machines will use dynamic IP addresses. A copy of the App2 virtual machines will be maintained in the Seattle office. App2 will be used by users from apartner company named Trey Research. Trey Research has a single Active Directory domain named treyresearch.com. Treyresearch.com contains a server thathas the Active Directory Federation Services server role and all of the Active Directory Federation Services (AD F5} role services installed.

Planned ChangesDatum plans to implement the following changes:

- Replace all of the servers with new servers that run Windows Server 2012.- Implement a private cloud by using Microsoft System Center 2012 to host instances of Appl.- In the Miami office, deploy four new Hyper-V hosts to the perimeter network.- In the Miami office, deploy two new Hyper-V hosts to the local network.- In the Seattle office, deploy two new Hyper-V hosts.- In the Miami office, implement a System Center 2012 Configuration Manager primary site that has all of the system roles installed.- Implement a public key infrastructure (PKI).- Implement AD FS.

Notification RequirementsDatum identifies the following notification requirements:

- Help desk tickets must be created and assigned automatically when an instance of App1 becomes unresponsive.- Customers who select the Enterprise service level must receive an email notification each time a help desk ticket for their instance of App1 is opened or closed.

Technical RequirementsDatum identifies the following technical requirements:

- Minimize costs whenever possible.- Minimize the amount of WAN traffic.- Minimize the amount of administrative effort whenever possible.- Provide the fastest possible failover for the virtual machines hosting App2.- Ensure that administrators can view a consolidated report about the software updates in all of the offices.- Ensure that administrators in the Miami office can approve updates for the client computers in all of the offices.


Security RequirementsDatum identifies the following security requirements:

- An offline root certification authority (CA) must be configured.- Client computers must be issued certificates by a server in their local office.- Changes to the CA configuration settings and the CA security settings must be logged.- Client computers must be able to renew certificates automatically over the Internet.- The number of permissions and privileges assigned to users must be minimized whenever possible.- Users from a group named Group1 must be able to create new instances of App1 in the private cloud.- Cent computers must be issued new certificates when the computers are connected to the local network only.- The virtual machines used to host App2 must use BitLocker Drive Encryption (BitLocker).- Users from Trey Research must be able to access App2 by using their credentials from treyresearch.com.

QUESTION 1You need to recommend which type of clustered file server and which type of file share must be used in the Hyper-V cluster that hosts App2.

The solution must meet the technical requirements and the security requirements.



A. A scale-out file server that uses an NFS share

B. A file server that uses an SMB share

C. A scale-out file server that uses an SMB share

D. A file server that uses an NFS share





http://technet.microsoft.com/en-us/library/hh831349.aspx



Solution: You recommend a scale-out file server that uses an NFS share.

Does this meet the goal?

A. Yes

B. No




Hyper-V in Windows Server 2012 supports file shares that use the Server Message Block (SMB) protocol version. 3 NFS shares are however not supported as thedata store. Note: Windows Server 2012 features but on an implementation of the Network File System (NFS) in version 4.1 and can provide NFS shares that can beused as storage of VMware vSphere.

QUESTION 3In adatum.com, you install and configure a server that has the Active Directory Federation Services server role and all of the AD FS role services installed.

You need to recommend which AD FS configurations must be performed m adatum.com to meet the security requirements.

Which configurations should you recommend before creating a trust policy?

A. Export the server authentication certificate and provide the certificate to Trey Research. Import the token-signing certificate from Trey Research.

B. Export the server authentication certificate and provide the certificate to Trey Research. Import the server authentication certificate from Trey Research.

C. Export the token-signing certificate and provide the certificate to Trey Research. Import the server authentication certificate from Trey Research.

D. Export the token-signing certificate and provide the certificate to Trey Research. Import the token-signing certificate from Trey Research.





http://technet.microsoft.com/en-us/library/dd807097(v=ws.10).aspx

QUESTION 4You are configuring the Certification Authority role service.

From the Certification Authority console, you enable logging.

You need to ensure that configuration changes to the certification authority (CA) are logged.

Which audit policy should you configure?

A. Audit policy change

B. Audit privilege use


C. Audit system events

D. Audit object access



29/11/2015 // Checked

Explanation:


http://terrytlslau.tls1.cc/2012/05/how-to-enable-certification-authority.html

QUESTION 5You need to recommend a solution that meets the notification requirements.

Which System Center 2012 components should you include in the recommendation?

A. Operations Manager, Service Manager and Orchestrator

B. Configuration Manager, Service Manager and Orchestrator

C. App Controller, Configuration Manager and Operations Manager

D. Service Manager, Orchestrator and App Controller





http://www.microsoftvirtualacademy.com/tracks/system-center-2012-orchestrator-service-manager

QUESTION 6You need to recommend a solution to maintain a copy of App2.

The solution must meet the application requirements and must minimize additional hardware purchases.


A. Multi-site Failover Clustering

B. Hyper-V replicas

C. Single-site Failover Clustering

D. Distributed File System (DFS) Replication




29/11/2015 // Checked

Explanation:



QUESTION 7You need to recommend a solution that meets the security requirements for Group1.

To which System Center 2012 Virtual Machine Manager (VMM) group should you assign Group1?


A. Read-Only Administrator

B. Administrators

C. Delegated Administrator

D. Self-Service User



29/11/2015 // Checked

Explanation:


http://mountainss.wordpress.com/2011/11/19/user-roles-in-system-center-virtual-machine-manager-2012/http://technet.microsoft.com/en-us/library/gg696971.aspx

QUESTION 8You need to recommend which Certificate Services role service must be deployed to the perimeter network.


Which Certificate Services role services should you recommend?

A. Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service

B. Certificate Enrollment Policy Web Service and Certification Authority Web Enrollment

C. Online Responder and Network Device Enrollment Service

D. Online Responder and Certificate Enrollment Web Service



29/11/2015 // Checked

Explanation:


http://technet.microsoft.com/en-us/library/dd759230.aspx

QUESTION 9You have a service template to deploy Appl.

You are evaluating the use of Network Load Balancing (NLB) for the front-end servers used by Appl.

You need to recommend which component must be added to the service template.


A. Guest OS profile

B. A host profile

C. A capability profile

D. A VIP template




29/11/2015 // Checked

Explanation:


http://technet.microsoft.com/library/gg610569.aspx

QUESTION 10You need to recommend a storage solution for the App1 VHDs.

The solution must minimize downtime if a Hyper-V host fails.


A. Distributed File System (DFS) Replication

B. A clustered file server of the File Server for general use type

C. A Distributed File System (DFS) namespace

D. clustered file server of the File Server for scale-out application data type






QUESTION 11You are evaluating the deployment of a multi-site Hyper-V failover cluster in the Miami office and the Seattle office to host App2.

You need to identify which changes must be made to support the use of the multi-site cluster.

Which changes should you identify?


A. Purchase a storage solution that replicates the virtual machines.Configure all of the virtual machines to use dynamic memory.

B. Upgrade the WAN link between the Miami and Seattle offices.Purchase a storage solution that replicates the virtual machines.

C. Configure all of the virtual machines to use dynamic memory.Implement Distributed File System (DFS) Replication and store the virtual machine files in a replicated folder.

D. Implement Distributed File System (DFS) Replication and store the virtual machine files in a replicated folder.Upgrade the WAN link between the Miami and Seattle offices.




You must have a Fast WAN for Multisite clustering and DFS doesn't work for multisite Hyper-V Clusters

http://technet.microsoft.com/en-us/library/dd197575%28v=ws.10%29.aspx


QUESTION 12You need to recommend a software update solution that meets the technical requirements.

What should you recommend deploying to each branch office?

A. An endpoint protection point

B. A distribution point

C. A management point

D. An enrollment proxy point



29/11/2015 // Checked

Explanation:


Certbase notes:

In the section Technical requirements we find the following relevant point: The traffic on the WAN links should, where possible, minimized. A System Center 2012distribution point is a site system, are saved with the package source files. Clients retrieve the source files from distribution points when they run advertisedprograms or task sequences or deploy software updates.




Solution: You recommend a scale-out file server that uses an SMB share.


A. Yes

B. No

Correct Answer: ASection: [none]


Explanation

Explanation/Reference:https://technet.microsoft.com/en-GB/library/hh831349.aspx

QUESTION 14You are planning the implementation of the Public Key Infrastructure Public Key Infrastructure (PKI).

How many CAs server you need at least?

A. 2

B. 3

C. 4

D. 5



06/12/2015 // Checked

In the section safety requirements contains the following relevant points:It is a root certification authority (CA) to be implemented in offline mode.

Client computers must obtain certificates from a server within their own site.



Testlet 1

Case Study 5: Contoso Ltd Case B

Contoso, Ltd., is a software development company. The company has a main office in Seattle and branch offices that are located in Los Angeles and New Delhi.Contoso's sales staff are all located in the Los Angeles office. Contoso's software developers are all located in the New Delhi office.

Current Environment

The network for the Seattle office contains:

- 2 domain controllers with integrated DNS- 200 Windows workstations- 14-node Hyper-V cluster- 1 file server with multiple shares- 1 Active Directory Rights Management Services (AD RMS) cluster

The network for the Los Angeles office contains:

- 2 domain controllers with integrated DNS- 100 Windows workstations- 1 file server with multiple shares

The network for the New Delhi office contains:

- 2 domain controllers with integrated DNS- 300 Windows workstations- 10 Hyper-V servers that host 100 development virtual machines (VMs) - 50 production virtual machines that are hosted in Azure

All the Contoso offices connect to each other by using VPN links, and each office is connected to the Internet.Contoso has a single Active Directory Domain Services (AD DS) domain named contoso.com. Contoso.com has a configured certification authority (CA). Contosocurrently leverages System Center Virtual Machine Manager 2012 R2 to manage its virtual environment servers.Contoso uses an application named HRApp1 for its human resources (HR) department. HR users report that the application stops responding and must berestarted before they can continue their work.

Fabrikam Inc

Contoso has recently acquired Fabrikam. Inc. Fabrikam has a single office that is located in Seattle.Fabrikam has a single AD DS domain named fabrikam.com.The network for Fabrikam contains:

- 2 domain controllers with Active Directory-integrated DNS - 150 Windows workstations


- 5 Hyper-V servers- 1 file server with multiple shares

A two-way trust exists between Contoso.com and Fabrikam.com.

Business Requirements

ConsolidationContoso must complete the consolidation of the Contoso and Fabrikam networks. The consolidation of the two networks must:

- Minimize all hardware and software costs.- Minimize WAN traffic.- Enable the users by providing self-service whenever possible.

Security

Contoso requires that all Windows client devices must be encrypted with BitLocker by using the Trusted PlatformThe CA for the domain contoso.com must be designated as the resource forest. The domain fabrikam.com must leverage certificates that are issued by thedomain contoso.com.

Other Information

HRApp1Each time HRApp1 stops responding and is restarted, an incident must be created and associated with the existing problem ticket.

Development environment

You have the following requirements:

- Developers must be able to manage their own VM checkpoints. - You must implement a disaster recovery strategy for development virtual machines.

Technical Requirements

Windows System UpdatesYou have the following system update requirements:

- Consolidate reporting of all software updates in all offices. - Software updates must be applied to all Windows devices. - Ensure the ability to report on update compliance.

Monitoring

You have the following monitoring requirements:

- Each time HRApp1 shows performance problems, ensure that a ticket is created.


- When performance problems are resolved, ensure that the ticket closes automatically.

Security

You have the following security requirements:

- Ensure that all documents are protected.- Ensure that contoso.com domain users get use licenses for RMS-protected documents from the domain contoso.com.- Ensure that fabrikam.com domain users get use licenses for RMS-protected documents from the domain contoso.com.

QUESTION 1This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or onemay be true, while the other may be false.

To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason(the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches yourevaluation of the two statements.

Assertion:

You must implement Azure site recovery between the New Delhi and Seattle offices to meet the backup requirements.

Reason:

Azure site recovery allows replication and failover of virtual machines on host servers that are located in the Virtual Machine Manager cloud.

Evaluate the Assertion and Reason statements and choose the correct answer option.


A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.

B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.

C. The Assertion is true, but the Reason is false.

D. The Assertion is false, but the Reason is true.

E. Both the Assertion and the Reason are false.




01/12/2015 // Checked

Certbase notes:

In the section Development Environment states that

You need to create a plan for disaster recovery of used for software development virtual machines.

The data used for software development virtual machines (VMs) hosted on 10 Hyper-V servers in the site New Delhi. The Stuttgart has a Hyper-V cluster with 14nodes. Replicating the virtual machines from New Delhi to Stuttgart would be a possible way to ensure disaster recovery.

The assertion is true. The statement of reasons is also correct and also constitutes an acceptable justification of the claim.

Microsoft Azure Site Recovery organizes and manages the replication of your primary data center to a secondary location, so your data is backed up in the eventof planned or unplanned outages and are restorable. Internal private clouds that reside on System Center Virtual Machine Manager (VMM), you can back up otherinternal sites or from the Microsoft Azure Storage. To make replication, VMM uses the Hyper-V Replica, a replication mechanism that is built into Hyper-V inWindows Server 2012 and Windows Server 2012 R2.

It provides asynchronous replication of Hyper-V virtual computers between two host servers. Every server workload that can be virtualized in Hyper-V can bereplicated. The replication works over any ordinary IP-based network. The Hyper-V Replica can be used with stand-alone servers, failover clusters or a combinationof both.

QUESTION 2This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or onemay be true, while the other may be false.


Assertion:You must implement a Windows Server Gateway in the Seattle office.

Reason:A Windows Server Gateway will prevent users from saving documents outside of the Seattle location.








Correct Answer: ESection: [none]Explanation


01/12/2015 // Checked

Certbase notes:

The case study can be seen no indication that in Stuttgart a Windows Server gateway must be implemented. Both the statement and the statement of reasons isincorrect. What is the Windows Server Gateway?

f you are a system administrator, network architect, or other IT professional, Windows Server Gateway might interest you under one or more of the followingcircumstances:

You are using or plan on using System Center 2012 R2, which is required when you deploy Windows Server Gateway.You design or support IT infrastructure for an organization that is using or planning to use Hyper-V to deploy virtual machines (VMs) on virtual networks.You design or support IT infrastructure for an organization that has deployed or is planning to deploy cloud technologies.You want to provide full network connectivity between physical networks and virtual networks.You want to provide your organization’s customers with access to their virtual networks over the Internet.

https://technet.microsoft.com/en-gb/library/dn313101.aspx

QUESTION 3You need to design a solution that meets all of the software update requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

A. Implement System Center Service Manager.

B. Deploy a configuration baseline to all devices.

C. Implement System Center Operations Manager.

D. Implement System Center Configuration Manager


Correct Answer: BDSection: [none]Explanation


01/12/2015 // Checked

The section Technical Requirements - Windows Updates states that updates must be applied to all Windows devices.

In addition, compliance with the installation specifications must be testable. Configuration Baselines in System Center 2012 Configuration Manager are pre-defined configuration items that optionally contain other configuration items. After a basic configuration has been created, you can deploy to a collection and to allowdevices to download in this collection the basis for the configuration and evaluate compliance with reporting requirements.

For example can be checked with a configuration baseline, if a client all required updates of WSUS infrastructure installed.

In the Configuration Manager Console under Assets and Compliance -> Compliance Settings -> Configuration Baselines right click and select "CreateConfiguration Baseline".

QUESTION 4Drag and Drop Question

You need to implement the network Unlock feature to meet the BitLocker requirements.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:


Correct Answer:



01/12/2015 //

Certbase notes:


Updated: October 17, 2014Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enableseasier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at systemreboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes fromhibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administeredservers.Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. NetworkUnlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for NetworkUnlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.This topic contains:

https://technet.microsoft.com/en-gb/library/jj574173.aspx


QUESTION 5You need to design a solution that meets the monitoring requirements.

What should you do?

A. In Service Manager , create an alert routing rule in the Operations Manager Alert connector that created a new incident when the HR application procedure aperformance alert.

B. In service Manager, create a queue that will open a new ticket or close any existing HR application performance ticket when the performance alert has beenresolved in Operations Manager.

C. In Service Manager, create a workflow that will open a new ticket or close any existing HR application performance ticket when the performance alert has beenresolved in Operation Manager.

D. In Operations Manager , create an override for the HR application monitor that will close any open HR application performance tickets in service manager.


Explanation/Reference:Create the Operation Manager Alert Connectorhttp://valentincristea.com/2013/11/28/automating-incident-problem-management-part-ii-configuring-the-scomscsm-connector/


Configure the “Run As Account” (recommendations on the accounts required for creating Operations Manager Alert Connectors can be found here, v.2007 issimilar to v.2012). The best practice states: “Domain account specifically created for this purpose that is only in the Users local security group and in anAdministrator user role in Operations Manager and in an Advanced Operator user role in Service Manager.”


On the “Alerts Routing Rules”, add the Incident template defined above.


QUESTION 6You need to ensure that the developers can manage their own virtual machines.

Solution: You perform the following actions:

In Virtual Machine Manager,

You create a new user role named DevUsers that uses the Application Administrator profile.You grant Checkpoint permissions to the DevUsers role.

You distribute the Self-Service Portal URL to the developers.



A. Yes

B. No


Explanation/Reference:Here is a checklist for what to look for when you get a question like this:

1-Have we created the user role which for our developers? [y/n]2-Have we granted them checkpoint permissions? [y/n]3-Have we installed and configured self-service portal? (Y/N ) (even though we cant do this because our version of VMM is newer than SP1 so self-service portalhas been replaced by app controller.)4-Have we distributed the console/portal URL [Yes/NO]

01/12/2015 // Checked

In the section Development Environment states:

that the developer must have the opportunity to have their self-created snapshots of virtual machines (VMs) to manage.

The steps described satisfy the request partially. Among other things, would have the role of developing the user accounts of the developer to be added.

ProfileOn this page, you choose the type of user role to create. As Figure 2 shows, the profiles from which you can choose are Fabric Administrator, Read-OnlyAdministrator, Tenant Administrator, and Application Administrator. The list doesn't include the Administrator user role because it comes predefined when you installVMM 2012, as mentioned previously.


ActionsFor the Tenant Administrator or Application Administrator user role, you'll have the option to choose specific actions that will be permitted. As Figure 5 shows, youcan select actions such as Checkpoint (administrators can create and manage VM checkpoints) and Deploy (administrators can create VMs and services). Makesure that you understand the purpose of each action, taking into consideration the scope of the user role.


http://windowsitpro.com/virtual-machine-manager/microsoft-system-center-2012-sp1-virtual-machine-manager-user-roles


Solution: You perform the following actions:

In Virtual Machine ManagerYou create a new user role named DevUsers that uses the Application Administrator profile.You grant Checkpoint permissions to the DevUsers role.


You distribute the Virtual Machine Manager Console URL to the developers.


A. Yes

B. No


Explanation/Reference:A: Yes.

– Application Administrator (Self-Service User)Members of the Self-Service User role can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.To create a self-service user, see How to Create a Self-Service User Role in VMM.

– CheckpointGrants members permission to create, edit, and delete checkpoints for their own virtual machines and to restore their virtual machine to a previous checkpoint.


Solution: You perform the following tasks:

In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application Administrator profile.You add the virtual machines to the DevUsers role.

You grant checkpoint permissions to the DevUsers role.

You distribute the App Controller console URL to the developers.



A. Yes


B. No



01/12/2015 // Checked

In the section Development Environment states that the developer must have the opportunity to have their self-created snapshots of virtual machines (VMs) tomanage. The steps described satisfy the request partially. Among other things, would have the role of developing the user accounts of the developer to be added.


Solution: You perform the following tasks:

In Virtual Machine Manager, You create a new user role named DevUsers that uses the Application Administrator profile.You add the virtual machines to the DevUsers role.

You grant Checkpoint permissions to the DevUsers role.

You install and configure App controller.You distribute the App controller console URL to the developers.


A. YES

B. NO.


Explanation/Reference:A: Yes.

– Application Administrator (Self-Service User)Members of the Self-Service User role can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.To create a self-service user, see How to Create a Self-Service User Role in VMM.

– Checkpoint


Grants members permission to create, edit, and delete checkpoints for their own virtual machines and to restore their virtual machine to a previous checkpoint.

QUESTION 10You need to configure Active Directory Rights Management Services (AD RMS).

What should you do? To answer, drag the appropriate domain or option to the correct location.

Each domain or option may be used once, more than once, or not at all. You may need to drag thesplit bar between panes or scroll to view content.

Select and Place:

Correct Answer:





Testlet 1

Case Study 6: Contoso Ltd Case C

Contoso, Ltd., is a manufacturing company. The company has offices in Chicago and Seattle. Each office contains two data centers. All of the data centers andsites for the company have network connectivity to each other. The company uses a single Active Directory Domain Services (AD DS) domain.Contoso is growing rapidly and needs to expand its computer infrastructure.

Current Environment Chicago Office

The Chicago office contains a primary data center and a backup data center. A Hyper-V cluster named Cluster1.contoso.com resides in the primary data center.The cluster has a multiple network path configured. The cluster includes two unused SQL Server virtual machines (VMs) named SQL-SERVER1 and SQL-SERVER2. The cluster also includes a Hyper-V Host group named Chi-Primary.Clusterl.contoso.com contains the following servers:

- CHI1-HVNODE1.contoso.com- CHI1-HVNODE2.contoso.com- CHI1-HVNODE3.contoso.com- CHI1-HVNODE4.contoso.com

The backup data center for the Chicago office is located on a Hyper-V cluster named Cluster2.contoso.com. The cluster has a single network path configured.The cluster includes a Hyper-V Host group named Chi-Backup.

Cluster2.contoso.com contains the following servers:

- CHI2-HVNODEl.contoso.com- CHI2-HVNODE2.contoso.com- CHI2-HVNODE3.contoso.com- CHI2-HVNODE4.contoso.com

In addition, the Chicago office contains two standalone Hyper-V servers named CHI- HVSERVER1.contoso.com and CHI-HVSERVER2.contoso.com.There are also four newly built servers:

- CHI-SERVERl.contoso.com- CHI-SERVER2.contoso.com- CHI-SERVER3.contoso.com- CHI-SERVER4.contoso.com

All the servers in the Chicago office run Windows Server 2012. Any future servers that are deployed in the Chicago office must also run Windows Server 2012.All servers in the Chicago office use the subnet 10.20.xx.

Current Environment Seattle Office

The Seattle office contains a primary data center and a backup data center. The primary data center is located on a Hyper-V cluster named


Cluster3.contoso.com. The cluster has a multiple network path configured. The cluster includes two unused SQL Server virtual machines named SQL-SERVER3and SQL-SERVERS The cluster includes a Hyper-V Host group named Sea-Primary.Cluster3.contoso.com contains the following servers:

- SEA3-HVNODEl.contoso.com- SEA3-HVNODE2.contoso.com- SEA3-HVNODE3.contoso.com- SEA3-HVNODE4.contoso.com

The backup data center for the Seattle office is located on a Hyper-V cluster named Cluster4.contoso.com. The cluster has a single network path configured. The cluster includes a Hyper-V Host group named Sea-Backup.Cluster4.contoso.com contains the following servers:

- SEA4-HVNODEl.contoso.com- SEA4-HVNODE2.contoso.com- SEA4-HVNODE3.contoso.com- SEA4-HVNODE4.contoso.com

In addition, the Seattle office contains two standalone Hyper-V servers named SEA-HVSERVERl.contoso.com and SEA-HVSERVER2.contoso.com.There are also four newly built servers:

- SEA-SERVERl.contoso.com- SEA-SERVER2.contoso.com- SEA-SERVER3.contoso.com- SEA-SERVER4.contoso.com

All servers in the Seattle office run Windows Server 2012 R2. Any future servers that are deployed in the Seattle office must also run Windows Server 2012 R2.All servers in the Seattle office use the subnet 10.10.x.x.


AppsContoso plans to deploy new applications to make its departments more efficient.

App1Contoso must create a new application named App1 for the human resources (HR) department. The infrastructure for App1 must reside in a virtual environmentand the data files for App1 must reside on a single shared disk. In addition, the infrastructure for App1 must meet the following requirements:

- maximize data protection- withstand the loss of a single guest virtual machine - withstand the loss of a single physical server


To support App1, Contoso must deploy a new cluster named Applcluster.contoso.com. The cluster has the following requirements:

- It must span multiple sites.- It must support dynamic quorums.- It must prevent failures caused by a 50% split.

App2Contoso must create a new application named App2. To support App2, Contoso must deploy a new SQL Server cluster. The cluster must not be part of thedomain.The server deployment team that will install the cluster has limited permissions. The server deployment team does not have the ability to create objects in ActiveDirectory.

Virtualization and Storage

New VMsAny new VMs that are deployed to the Hyper-V cluster in Cluster3.contoso.com have the following requirements:

- New SQL Server VMs must be deployed only to odd-numbered servers in the cluster.- All other new VM guests must be deployed to any available server in the cluster.

New VDE

The company needs a highly available file share cluster for a new Virtual Desktop Environment (VDE). It has the following requirements:

- The file share cluster must withstand the loss of a single server. - The file share cluster must withstand the loss of a single network path. - The file share cluster must use the least amount of disk space.

New virtualized SQL Server cluster

Contoso must create a new application for manufacturing. The company needs a new virtualized SQL Server cluster named VM-SQLclusterl.contoso.com. It has the following requirements:

- The cluster must use a shared virtual hard disk.- The cluster must have two nodes named VM-SQL-NODE1.contoso.com and VM-SQL-NODE2.contoso.com.

Highly available storage solution

The company is deploying new hardware that will replace the existing Hyper-V clusters. The new file share cluster must have a highly available storage solution for a Hyper-V environment. It has the following requirements:

- The new file share cluster must support guest VM clusters. - The storage cannot reside on any of the physical Hyper-V hosts.


QUESTION 1You need to implement a new highly available storage solution for the Hyper-V environment.

Which servers should you include in the scale-out file cluster?

A. CHI-SERVER1 and CHI-SERVER2

B. SEA3-HVNODE1 and SEA3-HVNODE2

C. SEA-SERVER1 and SEA-SERVER2

D. CHIl-HVNODE1 and CHI1-HVNODE2



29/03/2016 // Checked

- The new file share cluster must support guest VM clusters. This is 2012 R2 feature. All servers are 2012 R2 in Seattle only.- The storage cannot reside on any of the physical Hyper-V hosts. - The servers can not be any XXX-HVNODE.SEA-Server1 and SEA-Server2 are 2012 R2 and they are not HV cluster.

QUESTION 2You need to enable virtual machine network health detection on all supported clusters.

What should you do?


A. On the virtual machine settings page for Cluster4, select the Protect network checkbox for each virtual machine on the cluster.

B. On the virtual machine settings page for Cluster1, select the Protect network checkbox for each virtual machine on the cluster.

C. On each guest virtual machine in Cluster4, configure protected access for the network interface card.

D. On each guest virtual machine in Cluster3, configure protected access for the network interface card.


E. On the virtual machine settings page for Cluster3, select the Protect network checkbox for each virtual machine on the cluster.

F. On each guest virtual machine in Cluster1, configure protected access for the network interface card.

Correct Answer: ESection: [none]Explanation


01/12/2015 // Checked

Certbase notes:



Figure 1. Protected network setting

Protected networks are a new feature in Windows Server 2012 R2 Failover Clustering. Protected networks allow the detection of a network failure andautomatically move a virtual machine is on a host server on which the external virtual network is available.

In principle, all virtual machines on all four existing clusters from feature Protected network benefit. For optimum support of the recognition and protection againstnetwork failures, however, it is necessary that the cluster nodes can communicate over multiple network paths with each other.

For Cluster1 and Cluster3 multiple network paths for the cluster communications are configured. The nodes of Cluster2 and Cluster3 can each only a singlenetwork path to communicate. The following Technet article for more information on the topic:

https://technet.microsoft.com/en-gb/library/dn265972.aspx#BKMK_VMHealth


You need to implement VM-SQLclusterl.contoso.com.


Select and Place:


Correct Answer:





Certbase notes:

In the section New virtualized SQL Server cluster that:

The cluster must use a shared virtual disk.

Shared virtual disks are a new feature for use in failover cluster running Windows Server 2012 R2. Shared virtual disks are not the same as Cluster SharedVolumes (CSVs).

In previous versions of Windows Server clustering virtual machines Unable using a shared virtual disk. With the feature "shared virtual hard disk" will create a high-availability infrastructure. It is particularly important for deployments of private clouds and in the cloud hosted environments, manage large workloads.

Shared virtual disks allow the access of multiple virtual machines on the same VHDX file, which shared storage for the Windows Failover Clustering is provided.The files for shared virtual disks can be hosted on Cluster Shared Volumes (Cluster Shared Volumes, CSV) or SMB (Server Message Block) -based horizontallyscalable file shares on the file server.

The following Technet article contains instructions for how to create a shared virtual disk: providing a host cluster by using a shared virtual disk

QUESTION 4Hotspot Question

You need to deploy the new SQL cluster for App2.

How should you complete the relevant Windows PowerShell command? To answer, select the appropriate Windows PowerShell segment from each list in theanswer area.

Hot Area:


Correct Answer:




01/12/2015 // Checked

Change the Config :

-Cluster1.contoso.com-node SEA-SERVER1;SEA-SERVER2-StaticAddress 10.20.1.100-IgnoreNetwordk 10.0.0.0./8-AdministrativeAccessPoint ActiveDirectoryAndDNS

to :

-Cluster5.contoso.com


-node SEA-SERVER1;SEA-SERVER2-StaticAddress 10.10.1.100-NoStorage-AdministrativeAccessPointDNS

------------------------------------------------

Certbase notes:

With regard to the planned SQL Server cluster, the case study the following information can be obtained from:

For the support of the new App2 application, the company must provide a SQL Server cluster. The cluster should be disconnected from Active Directory.

The team for the installation of the cluster has limited permissions. Team members can not create objects in Active Directory.

You can deploy 2012 R2 in Windows Server a failover cluster in which the network name can not depend on Active Directory Domain Services (Active DirectoryDomain Services, AD DS). This concept is referred to as a separate Active Directory Cluster. With this deployment method, you can create a failover cluster andneed not to the previously required permissions to create computer objects in AD DS. Also, you must not ask for the preliminary deployment of computer objects inAD DS.

If you create a separate Active Directory Cluster, the network name of the cluster (also referred to as administrative access point) and registers the network namefor the cluster roles with client access points in DNS (Domain Name System) , However, no computer objects for the cluster in AD DS are written. This applies to thecomputer object for the cluster (also called the cluster name object or CNO called) exists and for computer objects for Cluster roles that normally Client AccessPoints in AD DS would (these are referred to as virtual computer objects or VCOs).

The following Technet article contains More information on the subject and an example of the use of New cluster to create a separate Active Directory Cluster:providing a separate Active Directory Cluster


You need to implement the file share for the new virtual desktop environment.

How should you configure the implementation? To answer, select the appropriate option from each list in the answer area.

Hot Area:


Correct Answer:



Explanation/Reference:https://technet.microsoft.com/en-us/library/dn486808.aspx


You need to implement App1.

How should you configure the locations? To answer, select the appropriate option from each list in the answer area.

Hot Area:


Correct Answer:



01/12/2015 // Checked

To support the requirements in terms of reliability, should the virtual machines, which are used by App1, be provided on a cluster. None of the existing clusterincludes nodes at multiple locations.

The given choices therefore provide most support for some of the requirements. Since there is the personnel department at the Frankfurt site, Cluster1 receivesopposite Cluster3 preference.

With respect to the data LUN for App1 says the case study. The data files from App1 to be stored on a single disk Taking into account the requirements in sectionHigh-availability Memory appears a shared cluster volume (Cluster Shared Volume, CSV) as the best solution.

QUESTION 7You must deploy the virtual machines for the scheduled SQL Server cluster.


How do you proceed?

A. Configure on Chi-Backup placement rules for the corresponding node.

B. Run to the corresponding cluster node of the primary datacenter in Chicago the following Windows PowerShell cmdlet: Set-SCVMHost -AvaliableForPlacement

C. Select the properties of the corresponding cluster node of the primary data center in Chicago, select This host is available for placement.

D. Configure on Sea-Backup placement rules for the corresponding node.



01/12/2015 // Checked

In the section New virtualized SQL Server cluster is mentioned that a new virtualized SQL Server cluster is planned with two nodes.

However, there is no information, to which location or on which Hyper-V cluster, the new virtualized cluster hosted. In section virtualization and storage:

New VMs there is a request for new VMs to the cluster cluster3.contoso.com be provided at the Seattle site.

It states: New SQL Server VMs may be provided only on cluster servers with odd numbers.

This requirement can be implemented with a placement rule for the host group Chi-Backup.

Note:

The Answers B and C do the same thing and are thus unsuitable. Neither answers represents a unique solution.

QUESTION 8You need to configure migration for HV-CLUSTER1. What should you do?

A. Use live migration between HV-Cluster1 and HV-Cluster3.

B. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster3.

C. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster4.

D. Use live migration between HV-Cluster1 and HV-Cluster4.




QUESTION 9You need to deploy the new SQL Server virtual machines.What should you do?


A. On Chi-Primary, configure placement rules for the specified nodes.

B. On the specified cluster nodes in the primary data center in Chicago, run the following Windows PowerShell command: Set-SCVMHost -AvaliableForPlacement

C. On the specified cluster nodes in the primary data center in Chicago, select the Host is available for placement check box.

D. On Sea-Primary, configure placement rules for the specified nodes.



QUESTION 10You need to prepare the environment for APP1

Which two actions should you perform?

Each correct answer presents a part of the solution.

A. Install a new cluster for App1 at the Seattle data center

B. Run the following Windiows PowerShell cmdlet for each node in the backup data center.Set LowerQuorumPriorityNodeID=1

C. Install a new cluster for App1 at the Chigago data center.

D. Run the following Windows PowerShell cmdlet for each node in the backup data center sitSet NodeWeight=1


Correct Answer: ABSection: [none]Explanation



Testlet 1

Case Study 6: Contoso Ltd Case D

OverviewContoso, Ltd., is a manufacturing company that makes several different components that are used in automobile production. Contoso has a main office in Detroit, adistribution center in Chicago, and branch offices in Dallas, Atlanta, and San Diego. The contoso.com forest and domain functional level are Windows Server 2008R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or Windows 8. Contoso uses System Center 2012 Operations Manager andAudit Collection Services (ACS) to monitor the environment. There is no certification authority (CA) in the environment.

Current Environment

The contoso.com domain contains the servers as shown in the following table:

Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to access the corporate network. Sales users authenticate to theVPN by using their Active Directory usernames and passwords. The VPN solution also supports certification-based authentication.

Contoso uses an inventory system that requires manually counting products and entering that count into a database. Contoso purchases new inventory softwarethat supports wireless handheld scanners and several wireless handheld scanners. The wireless handheld scanners run a third party operating system that supportsthe Network Device Enrollment Service (NDES).


SecurityThe wireless handheld scanners must use certification-based authentication to access the wireless network.

Sales users who use mobile devices must use certification-based authentication to access the VPN. When sales users leave the company, Contoso administratorsmust be able to disable their VPN access by revoking their certificates.

MonitoringAll servers must be monitored by using System Center 2012 Operating Manager. In addition to monitoring the Windows operating system, you must collect securitylogs from the CA servers by using ACS, and monitor the services that run on the CA and Certificate Revocation List (CRL) servers, such as certification authorityand web services.


Technical Requirements

CA HierarchyContoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and two Active Directory-integrated issuing CAs: one for issuingcertificates to domain-joined devices, and one for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to two web servers:one in Detroit and one in Chicago.

Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are described in the following table:

The IT security department must have the necessary permissions to manage the CA and CRL servers. A domain group named Corp-IT Security must be used forthis purpose. The IT security department users are not domain admins.

Fault ToleranceThe servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster. The CRL must be available to users in all locations by using thehostname crl.contoso.com, even if one of the underlying web servers is offline.

QUESTION 1You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the web service is stopped.

Solution: You create a recovery task in SCOM and configure it to start the World Wide Web publishing service.


A. Yes

B. No




01/12/2015 // Checked

In addition to the alert notification in case of problems provide the monitors in System Center 2012 - Operations Manager further options.

These include diagnostic and recovery tasks, help you to analyze and solve problems. A task is a script or other executable code, the / key, either on the computerhosting the Operations console or on the server, client, or other device which is administered, will be executed.

Using Tasks to the most diverse activities are carried out, for example, restarting an application in which an error has occurred, or deleting files. Monitors can havetwo types be assigned tasks: diagnostic tasks to help you understand the cause of a problem to identify, contain or additional diagnostic information, and recoverytasks to correct the problem.

With a recovery task, for example, a service can be started, if this was stopped inadvertently or by mistake. From diagnostic and recovery tasks scripts andexecutables command line files can be executed. These tasks can be run automatically when the monitor the status "Error" has.

This allows solving problems automate. Diagnostic and recovery tasks can always be created only for a specific monitor. A diagnostic or recovery task you havecreated for a monitor can not be used for another monitor or be linked to this. Rather, you must create the task for each monitor again.


Solution: You create a diagnostic task in SCOM and configure it to start the World Wide Web publishing service.



A. Yes

B. No





Solution: You create a diagnostic task in SCOM and configure it to start the Server service.


A. Yes

B. No



01/12/2015 // Checked

In addition to the alert notification in case of problems provide the monitors in System Center 2012 - Operations Manager further options. These include diagnosticand recovery tasks, help you to analyze and solve problems. A task is a script or other executable code, the / key, either on the computer hosting the Operationsconsole or on the server, client, or other device which is administered, will be executed. Using Tasks to the most diverse activities are carried out, for example,restarting an application in which an error has occurred, or deleting files. Monitors can have two types be assigned tasks: diagnostic tasks to help you understandthe cause of a problem to identify, contain or additional diagnostic information, and recovery tasks to correct the problem. With a recovery task, for example, aservice can be started, if this was stopped inadvertently or by mistake. From diagnostic and recovery tasks scripts and executables command line files can beexecuted. These tasks can be run automatically when the monitor the status "Error" has. This allows solving problems automate. Diagnostic and recovery tasks canalways be created only for a specific monitor. A diagnostic or recovery task you have created for a monitor can not be used for another monitor or be linked to this.Rather, you must create the task for each monitor again.

---------------

It is not the Server service that needs to be restarted. The Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC), which manages theHTTP protocol and HTTP performance counters, needs to be restarted.

https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx


Solution: you create a Windows Events monitor SCOM and configure it to monitor even related to the http.sys Service.



A. Yes

B. No




You need to delegate permissions for DETCA01.


Select and Place:


Correct Answer:





You need to configure access to the Certificate Revocation Lists (CRLs).

How should you configure the access? To answer, drag the appropriate protocol or servers to the correct network type. Each protocol or server may be used once,more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.


Select and Place:

Correct Answer:





You plan to configure Windows Network Load Balancing (NLB) for a company.

You display following Network Load Balancing Manager window:



Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.

Hot Area:


Correct Answer:





You need to collect the required security logs.



Select and Place:

Correct Answer:



Explanation/Reference:Note:

* Audit collection services (Box 1)In System Center 2012 – Operations Manager, Audit Collection Services (ACS) provides a means to collect records generated by an audit policy and store them in acentralized database.ACS requires the following components: ACS Forwarders, ACS Collector, ACS Database* ACS Forwarders (box 2)The service that runs on ACS forwarders is included in the Operations Manager agent. By default, this service is installed but not enabled when the OperationsManager agent is installed. You can enable this service for multiple agent computers at the same time using the Enable Audit Collection task.* (box 3) Enable audit collection

. After you install the ACS collector and database you can then remotely enable this service on multiple agents through the Operations Manager console by runningthe Enable Audit Collection task.To enable audit collection on Operations Manager agents (see step 5 below)Log on to the computer with an account that is a member of the Operations Manager Administrators role. This account must also have the rights of a localadministrator on each agent computer that you want to enable as an ACS forwarder.

In the Operations console, click Monitoring.


In the navigation pane, expand Operations Manager, expand Agent Details, and then click Agent Health State. This view has two panes, and the actions in thisprocedure are performed in the right pane.In the details pane, click all agents that you want to enable as ACS forwarders. You can make multiple selections by pressing CTRL or SHIFT.In the Actions pane, under Health Service Tasks, click Enable Audit Collection to open the Run Task - Enable Audit Collection dialog box.Etc

QUESTION 9This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may befalse; or one may be true, while the other may be false.


Assertion:

You must install and configure Network Device Enrollment Services (NDES) on CHICA01

Reason:

NDES allows non-domain joined devices to obtain a Certificate Revocation List from Active Driectory-integrated certification authority, and then validate whethercertificates is valid.











You need to implement Windows Network Load Balancing (NLB).

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them incorrect order.

Select and Place:

Correct Answer:






Testlet 1

TESTLET OVERVIEW

Title: Case Study

The following testlet will present a Case Study followed by [count] multiple choice question(s), [count] create a tree question(s), [count] build list and reorder question(s) and [count] drop and connect question(s).

You will have [count] minutes to complete the testlet.

For help on how to answer the questions, click the Instuctions button on the question screen.

Overview

Overview

Background

Main OfficeMain Office Clusters

The data center has a cluster named cluster1 that runs Windows Server 2012 R2. Cluster1 uses the domain Cluster1.contoso.com. The cluster is partiallyconfigured and has three server nodes.

The cluster uses storage area network (SAN) attached storage. There are no cluster roles assigned.Cluster1 contains the following domains:

● CLUS1-SRV1.contoso.com● CLUS1-SRV2.contoso.com● CLUS1-SRV3.contoso.com

In addition, the environment contains two Windows Server 2012 R2 Hyper-V clusters named HV-Cluster1 and HV-Cluster2. HV-Cluster1 and HV-Cluster2 use Fibre Channel SAN storage.

The Hyper-V clusters contain server nodes as shown in the following table:


Main office network

Main office network

The main office data center uses a virtual local area network (VLAN) to deploy servers by using PXE boot. The VLAN ID is 30, and it uses the subnet10.15.30.0/24.

There is a firewall that prevents all inbound connections to all servers in the data center except for the subnet 10.50.50.0/24.

Contoso has two additional VLANs as shown in the following table;

SAN storage configuration for Cluster1


The Windows PowerShell command Get-ClusterSharedVolumeState –name "Cluster1.contoso.com" returns the following data:

Name: Cluster Disk XVolumeName: \\?\Volume {2297f079-53c2-41e9-94d1-483d61ea67d7}\Node: Clus1-Srv1StateInfo: DirectVolumeFriendName: Volume1FileSystemRedirectedIOReason: BlockRedirectedIOReason:


Name: Cluster Disk YVolumeName: \\?\Volume {0312ef48-74c7-4a4d-946e-4bb4a397ab1f}\Node: Clus1-Srv2Statelnfo: FileSystemRedirectedVolumeFriendName: Volume2FileSystemRedirectedIOReason: UserRequestBlockRedirectedIOReason: NotBlockedRedirectedName: Cluster Disk ZVolumeName: \\?\Volume {c4689cef-83e3-4f47-9eaf-161a9e31c4a0}\ Node: Clus1-Srv3Statelnfo: Block RedirectedVolumeFriendName: Volume3FileSystemRedirectedIOReason: NotFileSystemRedirectedBlockRedirectedIOReason: NoDiskConnectivity

Sales Office

Sales Office

Sales office servers

The data center has the following virtual and physical servers:● two standalone servers that are not joined to the contoso.com domain named SERVER1 and SERVER2● two dedicated storage servers that are allocated, but not yet built, named STORAGE1 and STORAGE2STORAGE1 and STORAGE2 each have 48 GB of RAM and 10 1-TB SAS disks.

Sales office clusters

Sales office clustersThe data center has a cluster named Cluster2 that runs Windows Server 2012 R2. Cluster2 uses the domain Cluster2.contoso.com.

The cluster is partially configured and has three server nodes. The cluster uses SAN attached storage. There are no cluster roles assigned.Cluster2 contains the following domains:

● CLUS2-SRV1.contoso.com● CLUS2-SRV2.contoso.com● CLUS2-SRV3.contoso.com

In addition, the environment contains two Windows Server 2012 R2 Hyper-V clusters named HV-Cluster3 and HV-Cluster4. HV-Cluster3 and HV-Cluster4 useFibre Channel SAN storage. The Hyper-V clusters contain server nodes as shown in the following table:




The Windows PowerShell command

Get-ClusterSharedVolumeState –name "Cluster4.contoso.com" returns the following data:Name: Cluster Disk XVolumeName: \\?\Volume {09009c16-d33e-49fb-aa6a-abdb31921e76}\Node: Clus2-Srv1StateInfo: DirectVolumeFriendName: Volume1FileSystemRedirectedIOReason: NotFileSystemRedirectedBlockRedirectedIOReason: NotBlockedRedirectedName: Cluster Disk YVolumeName: \\?\Volume {a6cedeab-6966-4eb0-b5c1-b819c6c34fbf}\Node: Clus2-Srv2Statelnfo: FileSystemRedirectedVolumeFriendName: Volume2FileSystemRedirectedIOReason: BlockRedirectedIOReason: Name: Cluster Disk ZVolumeName: \\?\Volume { }\ Node: Clus2-Srv3Statelnfo: VolumeFriendName: Volume3FileSystemRedirectedIOReason: BlockRedirectedIOReason:

QUESTION 1You need to change the HR application server environment.

What should you do?

A. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER2.

B. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER1.


C. Use Virtual Machine Converter to convert DAL-APPSERVER1.

D. Use Virtual Machine Converter to convert DAL-APPSERVER2.


Explanation/Reference:http://www.certifychat.com/70-414-a/354-please-help.html

QUESTION 2You need to deploy the virtual network for the development servers.


A. Associate VLAN ID 20 with the new logical network.

B. Associate VLAN ID 40 with the new logical network.

C. On HV-Cluster2, create a new logical network that uses private VLAN networks.

D. On HV-Cluster1, create a new logical network that uses a single connected network.

E. On HV-Cluster2, create a new logical network that uses a single connected network.

F. On HV-Cluster1, create a new logical network that uses private VLAN networks.

Correct Answer: BCSection: [none]Explanation

Explanation/Reference:Need to Check

Associate VLAN ID 40 with the new logical network.

On HV-Cluster1, create a new logical network that uses a single connected network.

http://www.certifychat.com/70-414-a/431-study-questions-coming-frequently.html



You need to create a script to deploy DFS replication.

Which Windows PowerShell commands should you add to the script? To answer, select the appropriate Windows PowerShell commands in each list in the answerarea.


Hot Area:


Correct Answer:



Explanation/Reference:Answer Area changed.Use the below answer 1New-DfsReplicationGroup -GroupName "RG-HR" | New-DfcReplicationFolder -FolderName "HR Data"


2-Add-DfsrMember -GroupName "RG-HR" -ComputerName "DAL-FS"1, "DAL-FS2"

3-Add-DfsrConnection -GroupName "RG-H R" -SourceComputerName "DAL-FS1" -DestinationComputerName "DAL-FS2"

4-Set-DfcrConnectionSchedule -GroupName "RG-HR" -SourceComputerName "DAL-FS1" -DestinationComputerNanme "DAL-FS2" -DAY "SunDay"

QUESTION 4You need to deploy the dedicated storage servers to support the new web application servers.What should you do?

A. Install windows storage server 2012 R2 workgroup on STORAGE1 and STORAGE2. Use STORAGE 1 and STORAGE2 as scale-out file servers.

B. Install windows storage server 2012 R2 standard on STORAGE1 and STORAGE2. Use STORAGE1 and STORAGE2 as ISCSI target servers.

C. Install windows storage server 2012 R2 workgroup on STORAGE1 and STORAGE2. Use STORAGE1 and STORAGE2 as ISCSI target servers.

D. Install windows storage server 2012 R2 standard on STORAGE1 and STORAGE2. Use STORAGE1 and STORAGE2 as scale-out file server.




You need to ensure that all new production Hyper-V virtual machines can be deployed correctly.


Select and Place:


Correct Answer:





Question Set 1

QUESTION 1Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure.

You deploy Active Directory Rights Management Services (AD RMS) on the network.

You provide several users on the network with the ability to protect content by using AD RMS.

You need to recommend a solution to provide the members of a group named Audit with the ability to read and modify all of the AD RMS-protectedcontent.


A. Issue a CEP Encryption certificate to the members of the Audit group.

B. Issue a key recovery agent certificate to the members of the Audit group.

C. Add the Audit group as a member of the super users group.

D. Add the Audit group as a member of the Domain Admins group.


Explanation/Reference:Explanation:

A - Not Applicable.B - Not Applicable - KRA allows allows a user to decrypt users’ archived private keys, but not to retrieve them from the database.C - Correct - Super Users Group in AD RMS can Decrypt AD RMS-Protected Content, and modify it.D - Not Applicable - You don;t just go around handing out Admin Rights to people for any small reason!



http://technet.microsoft.com/en-us/library/ee424431.aspx

QUESTION 2Your network contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Hyper-V host.

Server1 hosts a virtual machine named VM1.

VM1 is configured as a file server that runs Windows Server 2012.

VM1 connects to a shared storage device by using the iSCSI Initiator.

You need to back up the files and the folders in the shared storage used by VM1.

The solution must ensure that open files are included in the backup.


What should you do?


A. From Hyper-V Manager, create a snapshot of VM1.

B. From Server1, perform a backup by using Windows Server Backup.

C. From VM1, perform a backup by using Windows Server Backup.

D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.


Explanation/Reference:Reference: https://technet.microsoft.com/en-us/library/dn798286.aspx#BKMK_VM_B

Back up data from within the Virtual Machine when you need to backup data that is not supported by Hyper-V VSS... like iSCSI Storage.

certbase notes:We can start Server Backup on VM1 and make a backup of the relevant user data Windows. The Volume Shadow Copy Service (VSS) allows besides, also thefuse of files that are in use. The remaining solutions not lead to the goal. The user data are not on the Hyper-V host, but on an external storage device. The Creatinga Snapshots (apart from the fact, that a Snapshot never an alternative to a data backup represents) or backing up or Copy the virtual machine, closes the data ofthe external memory not a.

Explanation:Backing Up Hyper-V Virtual Machines Using Windows Server Backup

http://blogs.msdn.com/b/taylorb/archive/2008/08/20/backing-up-hyper-v-virtual-machines-using-windowsserver-backup.aspx

QUESTION 3


You have a Hyper-V host named Hyper1 that has Windows Server 2012 Installed. Hyper1 hosts 20 virtual machines.

Hyper1 has one physical network adapter.

You need to implement a networking solution that evenly distributes the available bandwidth on Hyper1 to all of the virtual machines.

What should you modify?

A. The Quality of Service (QoS) Packet Scheduler settings of the physical network adapter

B. The settings of the virtual network adapter

C. The settings of the virtual switch

D. The settings of the legacy network adapter


Explanation/Reference:http://www.techrepublic.com/blog/data-center/set-bandwidth-limits-for-hyper-v-vms-with-windows-server-2012/

QUESTION 4Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and Server2 are members of a failover cluster named Cluster1 and are connected to an iSCSI Storage Area Network (SAN).

You need to ensure that you can implement the clustered File Server role of the File Server for scale-out application data type for Cluster1.

What should you install?

A. The iSCSI Target Server cluster role

B. The Distributed Transaction Coordinator (DTC) cluster role

C. The DFS Namespace Server cluster role

D. A Cluster Shared Volume (CSV)




01/12/2015 // Checked Explanation:


QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains several domain controllers.

The domain controllers run either Windows Server 2012 or Windows Server 2008 R2.

The domain functional level is Windows Server 2008 R2.The forest functional level is Windows Server 2008.

The corporate compliance policy states that all items deleted from Active Directory must be recoverable from a Recycle Bin.

You need to recommend changes to the current environment to meet the compliance policy.

Which changes should you recommend? (Each correct answer presents part of the solution. Choose all that apply.)

A. Raise the forest functional level to Windows Server 2008 R2.

B. Run the Enable-ADOptionalFeature cmdlet.

C. Run the New-ADObject cmdlet.

D. Run the Set-Server cmdlet

E. Raise the domain functional level to Windows Server 2012.




Explanation:

You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to Windows Server 2008 R2.

B: Enabling Active Directory Recycle BinAfter the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

- Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.) - Ldp.exe

Note: By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled.

Reference: Enable Active Directory Recycle Bin

QUESTION 6Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System center 2012 infrastructure. The domain contains the computers configured as shown in the following table.

You need to implement a monitoring solution that gathers the security logs from all of the computers in the domain.

Which monitoring solution should you implement? More than one answer choice may achieve the goal. Select the BEST answer.

A. Data Collector Sets (DCSs)

B. Event subscriptions

C. Desired Configuration Management in Configuration Manager

D. Audit Collection Services (ACS) in Operations Manager

Correct Answer: DSection: [none]


Explanation


01/12/2015 // Checked

Explanation:



You need to issue a certificate to users to meet the following requirements:

- Ensure that the users can encrypt files by using Encrypting File System (EFS).

- Ensure that all of the users reenroll for their certificate every six months.

What should you do first?

A. From the properties of the User certificate template, assign the Allow -Enroll permission to the AuthenticatedUsers group.

B. From the properties of the Basic EFS template, assign the Allow -Enroll permission to the AuthenticatedUsers group.

C. Create a copy of the User certificate template, and then modify the extensions of the copy.


D. Create a copy of the Basic EFS certificate template, and then modify the validity period of the copy.



01/12/2015 // Checked

Explanation:


http://technet.microsoft.com/en-us/library/cc786499(v=ws.10).aspx

QUESTION 8You have a Windows Server 2012 R2 failover cluster that contains four nodes. The cluster has Dynamic Optimization enabled.

You deploy three highly available virtual machines to the cluster by using System Center 2012 R2 Virtual Machine Manager (VMM).

You need to prevent Dynamic Optimization from placing any of the three virtual machines in the same node.

What should you do?

A. From the Virtual Machine Manager console, modify the Compatibility settings in the Hardware Configuration properties of the virtual machines.

B. Set the Priority property of the virtual machine cluster role.

C. From the Virtual Machine Manager console, modify the Servicing Windows settings of the virtual machines.

D. From the Virtual Machine Manager console, modify the Availability settings in the Hardware Configuration properties of the virtual machines.




Explanation:

The correct answer in the real exam is Anti Affinity command.

QUESTION 9Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) server named Server1.You use Server1 to manage 20 Hyper-V hosts.

The network also contains five Citrix XenServer visualization hosts.You need to recommend which installation is required to manage the XenServer servers from Server1.

What should you recommend installing?

A. The Citrix XenServer -Microsoft System Center Integration Pack on Server1

B. Citrix Essentials for Hyper-V on Server1

C. Citrix Essentials for Hyper-V on the Citrix XenServer hosts

D. The Citrix XenServer -Microsoft System Center Integration Pack on the Citrix XenServer hosts


Explanation/Reference:SCCM VMM can be used to managed Virtual Machines from other vendors like VMWare and Citrix. To enable VMM to manage Xenserver Hosts, you simply installthe Microsoft System Center Integration pack on the Xenserver Hosts.

https://www.citrix.com/blogs/2011/06/16/managing-xenserver-with-system-center-virtual-machine-manager-scvmm-2012/

QUESTION 10You are an Active Directory administrator for Contoso, Ltd. You have a properly configured certification authority (CA) in the contoso.com Active Directory Domain Services (AD DS) domain.

Contoso employees authenticate to the VPN by using a user certificate issued by the CA.

Contoso acquires a company named Litware, Inc., and establishes a forest trust between contoso.com and litwareinc.com.

No CA currently exists in the litwareinc.com AD DS domain. Litware employees do not have user accounts in contoso.com and will continue to use theirlitwareinc.com user accounts.

Litware employees must be able to access Contoso's VPN and must authenticate by using a user certificate that is issued by Contoso's CA.


You need to configure cross-forest certificate enrollment for Litware users.


A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN template on the Contoso CA.

B. Copy the VPN certificate template from contoso.com to litwareinc.com.

C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification Authority in litware.com.

D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location of Contoso's CA.


Explanation/Reference:http://www.aiotestking.com/microsoft/contoso-employees-authenticate-to-the-vpn-by-using-a-user-certificate-issued-by-the-c/

QUESTION 11Your network contains five Active Directory forests. You plan to protect the resources in one of the forests by using Active Directory Rights Management Services (AD RMS)

Users in all of the forests will access the protected resources.

You need to identify the minimum number of AD RMS clusters required for the planned deployment.



A. One root cluster and five licensing clusters

B. One licensing cluster and five root clusters

C. Five root clusters

D. Five licensing clusters

Correct Answer: CSection: [none]


Explanation

Explanation/Reference:C is Correct.

Root Cluster – this is the first server in an AD RMS cluster, which automatically becomes the Root Cluster by default. The Root Cluster handles all certification andlicensing requests for the domain in which it is installed. It is recommended to have as few AD RMS Clusters as possible.

Each Forest will become a Root Cluster.

Licensing-Only Cluster - Licensing-Only Clusters perform only licensing (not certification). Licensing only clusters decrease performance as they have to constantly"check back" with the Root Cluster for licensing integrity. Licensing clusters are ONLY recommended when you have a department that requires a different licensingarrangement to your other departments.

In the case of this question: We have 5 Forest, so we have to have at least 5 Root Clusters. We have no need for licensing clusters.

https://technet.microsoft.com/en-us/library/cc771175.aspxhttps://technet.microsoft.com/en-us/library/jj554774.aspx

QUESTION 12Your network contains an Active Directory domain named contoso.com.

You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM). The network contains five physical servers.

The servers are configured as shown in the following table.

You plan to use VMM to convert the existing physical servers to virtual machines.

You need to identify which physical servers can be converted to virtual machines.

Which servers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)


A. Server1

B. Server2

C. Server3

D. Server4

E. Server5

Correct Answer: ADESection: [none]Explanation



certbase Notes:

Microsoft System Center Virtual Machine Manager (VMM) allows you to convert physical machines to virtual machines using the physical-to-virtual machineconversion (P2V). VMM simplifies P2V conversion by a task-based wizard that largely automates the conversion process. For a P2V conversion following conditionsapply to the source computer:


Mindestes 512 MB RAM

Volumes are only supported up to a size of 2040 GB.

ACPI BIOS (Advanced Configuration and Power Interface) - Vista WinPE will not install using a different BIOS.

VMM and the host computer must have access to the source machine.

Must not be located in a perimeter network. A perimeter network, also known as a screened subnet, is a collection of devices and subnets that are positionedbetween an intranet and the Internet to protect the intranet from unauthorized Internet users. The source computer for a P2V conversion can be in any other networktopology, connect to the source computer manufactured in the VMM server for temporary installation of an agent and Windows Management Instrumentation (WMI)calls to the source computer can be made.

https://technet.microsoft.com/en-us/library/gg610562.aspx

Explanation:



The network contains a server named Server1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server role installed.

Serve1l is configured as an offline standalone root certification authority (CA).

You install the Active Directory Certificate Services server role on Server2 and configure the server as an enterprise subordinate CA.

You need to ensure that the certificate issued to Server2 is valid for 10 years.

What should you do first?

A. Modify the registry on Server1.

B. Modify the registry on Server2.

C. Modify the CAPolicy.inf file on Server2.

D. Modify the subordinate CA certificate template.

E. Modify the CAPolicy.inf file on Server1.



Explanation


The issuing CA is an offline standalone CA so templates do not apply here (normally with a normal CA you would simply copy the certificate templateand then modify it, create a certificate from that new template and then issue it to Server2).

But since the issuing CA is a standalone, offline CA (standalone CAs do not use templates), we will simply power the CA server on modify the registysettings using certutil.exe

We will then export the new, modified certificate to Server2.

The commands we need to modify the registry are:certutil -setreg ca\ValidityPeriod “Years”certutil -setreg ca\ValidityPeriodUnits “5”


http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/

Point 4. Setup the root CA to issue certificates with an expiry date of 10 years (will issue to the Sub CA for 10 years) Change the following registry path on the Root CA -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Root-CA\ValidityPeriodUnits Change the REG_DWORD decimal value to 10. This changes it to 10 years, so when the Sub CA gets a certificate, it won’t expire for another 10 years.

QUESTION 14Your network contains two Hyper-V hosts named Host1 and Host2.Host1 contains a virtual machine named VM1.

Host2 contains a virtual machine named VM2.VM1 and VM2 run Windows Server 2012 R2.

You install the Network Load Balancing feature on VM1 and VM2.

You need to ensure that the virtual machines are configured to support Network Load Balancing (NLB).

Which virtual machine settings should you configure on VM1 and VM2?

A. DHCP guard


B. MAC address

C. Router guard

D. Port mirroring



When MAC addresses are not assigned to virtual machines, it could cause network problems.

http://blogs.msdn.com/b/clustering/archive/2010/07/01/10033544.aspx


The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, theaddition must be audited.

You need to recommend an auditing solution to meet the security policy.

What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.)

A. From the Default Domain Controllers Policy, enable the Audit directory services setting.

B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting.

C. From the Secure OU, modify the Auditing settings.

D. From the Default Domain Controllers Policy, enable the Audit object access setting.

E. From the Secure OU, modify the Permissions settings.

F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting.



Audit directory service access is the only way to track changes to OUs and GPOs.


Then we link the create a new GPO and customize our audit settings, then link it to the OU.

To check Ans

From the Default Domain Controllers Policy, enable the Audit directory services setting

Create a new Group Policy object (GPO) that is linked to the Secure OU, and thenmodify the Audit directory services setting.

QUESTION 16Your network contains an Active Directory Rights Management Services (AD RMS) cluster named Cluster1.

You plan to change Cluster1 to a new AD RMS cluster named Cluster2.

You need to ensure that all users retrieve the location of the AD RMS templates from Cluster2.

What should you do?

A. Create an alias (CNAME) record named clusterl.contoso.com that points to Cluster2.

B. Modify the Service Connection Point (SCP).

C. Modify the templates file location of the rights policy templates.

D. Modify the exclusion policies.


Explanation/Reference:Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installationthat was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP.

SCP – Service Connection point holds the IP address of the ADRMS Certification Cluster. You can ONLY HAVE ONE OF THESE on your network. If you installADRMS, and then uninstall it, the SCP might still be there, so when you attempt to reinstall ADRMS you will need to delete the old SCP. You can delete the SCPwith Active Directory by using the Sites and Services console or with Adsiedit or AD RMS Itself if it is still installed OR you can download the AD RMS


Administration Toolkit and run ADScpRegister.exe unregisterscp – haven’t seen this though.

Reference: http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx

QUESTION 17Your network contains an Active Directory domain named contoso.com. You install Windows Server 2012 R2 on a new server named Server1 and you join Server1 to the domain.

You need to ensure that you can view processor usage and memory usage information in Server Manager.

What should you do?

A. From Server Manager, click Configure Performance Alerts.

B. From Performance Monitor, create a Data Collector Set (DCS).

C. From Performance Monitor, start the System Performance Data Collector Set (DCS).

D. From Server Manager, click Start Performance Counters.



You should navigate to the Server Manager snap-in and there click on All Servers, and then Performance Counters. The PerformanceCounters, when started can be set to collect and display data regarding processor usage, memory usage, amongst many otherresources like disk- related and security related data, that can be monitored.

Reference: http://technet.microsoft.com/en-us/library/bb734903.aspx

QUESTION 18Your network contains a data center named DataCenter1 that contains multiple servers. The servers are configured as Hyper-V hosts.

Your company deploys a disaster recovery site.

The disaster recovery site has a dedicated connection to DataCenter1.

The network is connected to the disaster recovery site by using a dedicated link.

DataCenter1 contains 10 business critical virtual machines that run a line-of-business application named Appl.


You need to recommend a business continuity solution to ensure that users can connect to App1 within two hours if DataCenter1 fails.

What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. From Microsoft System Center 2012 Virtual Machine Manager (VMM), implement live migration on the virtual machines.

B. From Hyper-V Manager, create snapshots of the virtual machines.

C. From Microsoft System Center 2012 Data Protection Manager, implement a protection group.

D. From Hyper-V Manager, implement Hyper-V replicas.



QUESTION 19Your network contains five Active Directory forests.You plan to protect the resources in one of the forests by using Active Directory Rights Management Services (AD RMS)

Users in only one forest will access the protected resources

You need to identify the minimum number of AD RMS clusters required for the planned deployment.What should you identify?

A. Five root clusters and one licensing cluster

B. Five licensing clusters and one root clusters

C. One root cluster

D. One licensing cluster



http://www.certifychat.com/70-414-a/394-identify-minimum-ad-rms-clusters-required-planned.html#post2121


To Check

D. five root clusters and one licensing cluster

QUESTION 20Your network contains an Active Directory domain named contoso.com. The domain contains 200 servers that run either Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. The servers run the following enterprise applications:

Microsoft Exchange Server 2013Microsoft SQL Server 2014

System Center 2012 R2 Operations Manager is deployed to the domain. Operations Manager monitors all of the servers in the domain. Audit Collection Services (ACS) is installed.

You need to recommend a monitoring strategy for the domain that meets the following requirements:

A group of administrators must be notified when an error is written to the System log on the servers that run ExchangeServer 2013.A group of administrators must be notified when a specific event is written to The Application log on the servers thatrun SQL Server 2014.


A. From Operations Manager, enable audit collection.

B. From Operations Manager, implement two monitors.

C. From Computer Management, implement one event subscription.

D. From Operations Manager, implement two rules.


Explanation/Reference:Monitors monitor applications for their health state.

Rules can be used to create Alerts for events.



QUESTION 21You have an Active Directory domain named adatum.com. All servers fun Windows Server 2012. All client computers run Windows 8.

You need to recommend a solution to provide users the ability to reset their passwords without any administrator intervention.


A. The Microsoft System Center 2012 Orchestrator runbooks and Microsoft System Center 2012 Operation Manager management packs

B. The Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center 2012 Orchestrator runbooks

C. The Microsoft System Center 2012 Service Manager and Microsoft System Center 2012 Configuration Manager collections

D. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center 2012 App Controller


Explanation/Reference:We obviously need Service Manager and the Self-Service Portal....

The question asks us to allow users to "reset" their password... this implies that we need them to be able to reset the password NOT change it to whatever theywant. We can use an Orchestrator Runbook that automatically generates a new password for the users when they request it from their Portal.

http://contoso.se/blog/?p=3085

http://www.certifychat.com/70-414-a/369-provide-users-ability-reset-passwords-administrator-interven.html

QUESTION 22You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.Server1 hosts 50 virtual machines that run Windows Server 2012 R2.

Your company uses smart cards for authentication.

You need to ensure that you can use smart card authentication when you connect to the virtual machine by using Virtual Machine Connection.

What should you configure?

A. The NUMA Spanning settings

B. The RemoteFX settings

C. The Enhanced Session Mode Policy


D. The Integration Services settings



QUESTION 23Your company has three main offices named Main1, Main2, and Main3. The network contains an Active Directory domain named contoso.com.

Each office contains a help desk group.

You plan to deploy Microsoft System Center 2012 Configuration Manager to meet the following requirements:

- The members of the Domain Admins group must be able to manage all of the Configuration Manager settings.- The help desk groups must be able to manage only the client computers in their respective office by using Configuration Manager.

You need to recommend a Configuration Manager infrastructure to meet the requirements.

Which infrastructure should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.


A. One site that contains a collection for each office

B. Three sites that each contain one collection

C. Three sites that contain one collection for each office

D. One site that contains one collection




Explanation:

Collections specify the user and computer resources that an administrative user can view or manage.

As they said, there is more than one correct answer, but BEST PRACTICE would be to create only one Site with 3 collections to delegate the permissions andscope of permissions.

Updated: June 18, 2015Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1,

System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1Microsoft System Center 2012 Configuration Manager provides a comprehensive solution for change and configuration management. Configuration Manager letsyou perform tasks such as the following:

Deploy operating systems, software applications, and software updates.Monitor and remediate computers for compliance settings.Monitor hardware and software inventory.Remotely administer computers.

QUESTION 24Your network contains an Active Directory forest named contoso.com.

Your company works with a partner company that has an Active Directory forest named fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.

The certification authority (CA) infrastructure of both companies is configured as shown in the following table.

You need to recommend a certificate solution that meets the following requirements:

- Server authentication certificates issued from fabrikam.com must be trusted automatically by thecomputers in contoso.com.- The computers in contoso.com must not trust automatically any other type of certificates issued from the CA hierarchy in fabrikam.com.



A. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.

B. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.

C. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.

D. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.


Explanation/Reference:If we need to import a certificate from a partner Enterprise/Forest, but we do not want to automatically trust all of the certificates from their organization’s CA wesimply: Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.

Certificate Trust List (CTL):This is almost the opposite of a Certificate-Revocation List (CRL).Instead of making a list of which Certificates we no longer trust, we are adding this certificate to the Certificate (Microsoft) Trust List (CTL) which specifies whichcertificates we DO trust.If we add an external enterprises certificate to our CTL, our Network will ONLY trust that specific certificate and nothing else from the partner enterpriseunless we add more of their certificates to our CTL.

QUESTION 25Your network contains an Active Directory domain named contoso.com. Your company has an enterprise root certification authority (CA) named CA1. You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl. The company purchases a Microsoft Office 365 subscription.

You plan register the company's SMTP domain for Office 365 and to configure single sign-on for all users. You need to identify which certificate or certificates are required for the planned deployment.

Which certificate or certificates should you identify?

A. a server authentication certificate that is issued by a trusted third-party and that contains the subject name serverl.contoso.com

B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1


C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1

D. a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com

E. self-signed server authentication certificates for serverl.contoso.com


Explanation/Reference:Correct - A - AD FS requires an SSL certificate (which is also known as a Server Authentication Certificate) that is issued by a third party, and whose UPN isinternet-routable.

Not B or C or D - A is required for AD FS... the rest are not required as they are either privately issued, or have a short/private UPN.

Not E - E refers to server authentication certificates, the requirements asks for a token-signing certificate. Token signing certificates are generated automatically andMicrosoft recommends that we use the default certificate as it has the benefit of updating itself when it expires etc.

https://gyazo.com/48a6ff83688b3c355578d5dea565acbd

Reference: https://support.office.com/en-sg/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce

QUESTION 26Your company has a main office and a branch office.

You plan to implement a failover cluster named Cluster1 to host an application named Appl.

The data of App1 will replicate to all of the nodes in Cluster1. Cluster1 will contain two servers.

The servers will be configured as shown in the following table.The cluster nodes will not use shared storage.

The branch office contains two file servers named Server3 and Server4.

You need to ensure that App1 fails over automatically to another server if a single node in Cluster1 fails.

What should you do? More than one answer choice may achieve the goal. Select the BEST answer.


A. Add Server1, Server2, and Server3 to a Network Load Balancing (NLB) cluster.

B. Add Server3 as a file share witness for Cluster1.

C. Add Server3 and Server4 to a new failover cluster named Cluster2. Install App1 on Cluster2.

D. Add Server3 as a node in Cluster1.



Notes:We have a two-node cluster. We can either use a quorum disk, a witness file share, or an additional node to still maintain a majority for the operation of the clusterin case of failure of a single node. A witness file share on a "witness location" is compared with an additional node in the branch office, the better Solution.

QUESTION 27You administer an Active Directory Domain Services forest that includes an Active Directory Federation Services (AD FS) server and Azure Active Directory.

The fully qualified domain name of the AD FS server is adfs.contoso.com.

Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure. All domain users must be able to use SSO to access the application.

You need to configure SSO for the application.


A. Use the Azure Active Directory Synchronization tool to configure user synchronization.

B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active Directory service.

C. Create a trust between AD FS and Azure Active Directory.

D. In the Azure management portal, activate directory synchronization.

Correct Answer: ACSection: [none]


Explanation

Explanation/Reference:Need to Check.

Use the Azure Active Directory Synchronization tool to configure user synchronization

Use the AD FS Configuration wizard to specify the domain and administrator for theAzure Active Directory service

You can employ both AD FS and Azure AD for use with single-sign on for Azure Cloud-Based Applications. To do so:

1. Synchronize AD FS users with Azure AD (dirsync).2. Create a trust between AD FS and Azure AD.

After this you can go through more advanced steps to configure advanced authentication settings, device registraion and conditional access.

QUESTION 28Your network contains two clusters.

The clusters are configured as shown in the following table.

All of the servers in both of the clusters run Windows Server 2012. You need to plan the application of Windows updates to the nodes in the cluster.

What should you include in the plan? More than one answer choice may achieve the goal. Select the BEST answer.

A. Cluster-Aware Updating (CAU) self-updating and downloaded updates from Windows Server Update Services (WSUS)

B. Microsoft System Center 2012 Service Manager integrated with Windows Server Update Service (WSUS)

C. A manual application of Windows updates on all of the cluster node

D. Microsoft System Center 2012 Configuration Manager integrated with Windows Server Update Service (WSUS)

Correct Answer: A





Currently, the following Windows Server 2012 clustered workloads are tested and certified for CAU: SMB, Hyper-V, DFS Replication, DFS Namespaces, iSCSI, andNFS.

Notes:

Updated: October 17, 2013Applies To: Windows Server 2012 R2, Windows Server 2012

This topic provides an overview of Cluster-Aware Updating (CAU), a feature for failover clusters that was introduced in Windows Server 2012. CAU automates thesoftware updating process on clustered servers while maintaining availability. This topic describes scenarios and applications for using CAU, and provides links tocontent that describes how to integrate CAU into other IT automation and management processes.

Practical applications

CAU reduces service outages in clustered services, reduces the need for manual updating workarounds, and makes the end-to-end cluster updating processmore reliable for the administrator. When the CAU feature is used together with continuously available cluster workloads, such as continuously available fileservers (file server workload with SMB Transparent Failover) or Hyper-V, the cluster updates can be performed with zero impact to service availability for clients.

CAU facilitates the adoption of consistent IT processes across the enterprise. You can create Updating Run Profiles for different classes of failover clusters andthen manage them centrally on a file share to ensure that CAU deployments throughout the IT organization apply updates consistently, even if the clusters aremanaged by different lines-of-business or administrators.

CAU can schedule Updating Runs on regular daily, weekly, or monthly intervals to help coordinate cluster updates with other IT management processes.

CAU provides an extensible architecture to update the cluster software inventory in a cluster-aware fashion. This can be used by publishers to coordinate theinstallation of software updates that are not published to Windows Update or Microsoft Update or that are not available from Microsoft, for example, updates fornon-Microsoft device drivers.

CAU self-updating mode enables a “cluster in a box” appliance (a set of clustered physical machines running Windows Server 2012, typically packaged in onechassis) to update itself. Typically, such appliances are deployed in branch offices with minimal local IT support to manage the clusters. Self-updating modeoffers great value in these deployment scenarios.

QUESTION 29Your network contains an Active Directory domain. The domain contains a site named Site1.


All of the client computers in Site1 use static IPv4 addresses on a single subnet. Site1 contains a Storage Area Network (SAN) device and two servers named Server1 and Server2 that run Windows Server 2012.

You plan to implement a DHCP infrastructure that will contain Server1 and Server2. The infrastructure will contain several IP address reservations.

You need to recommend a solution for the DHCP infrastructure to ensure that clients can receive IP addresses from a DHCP server if either Server1 orServer2 fails.

What should you recommend? (Each correct answer is a complete solution. Choose all that apply.)

A. Configure all of the client computers to use IPv6 addresses, and then configure Server1 and Server2 to run DHCP in stateless mode.

B. Configure Server1 and Server2 as members of a failover cluster, and then configure DHCP as a clustered resource.

C. Configure a DHCP failover relationship that contains Server1 and Server2.

D. Create a scope for each server, and then configure each scope to contain half of the IP addresses.

Correct Answer: BCDSection: [none]Explanation

Explanation/Reference:// 30/11/2015 checked certbase notes:

We can either use the Failover Clustering for the role DHCP server, the new DHCP failover or a shared address space configured to compensate for the failure of asingle DHCP server. A shared address space, however, does not support the proposed IP address reservations. In addition, the number of available IP addresses isreduced if a server fails to half.

QUESTION 30You have a properly configured certification authority in a active directory domain services domain.

You must implement two-factor authentication and use virtual smart cards to secure user sessions.

You need to implement two-factor authentication for each client device.

What should you install on each client device?

A. A trusted platform module (TPM) chip.

B. A user certificate issue by a certification authority.


C. A smart card reader.

D. A local computer certificate issued by a certificate authority.


Explanation/Reference:Virtual smart card technology uses cryptographic keys that are stored on computers that have the Trusted Platform Module (TPM) installed.

Basically... think BitLocker....

To Authenticate:The Virtual Smart Card can be thought of as a Physical Smart card that is contained on the computer. You "swipe" that Virtual Smart Card in your Smart CardReader (the TPM chip) and then you enter a PIN to authenticate.

http://www.certifychat.com/70-414-a/344-install-client-device.html?highlight=implement+two-factor+authentication+client+device.

QUESTION 31Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.The domain contains six servers. The servers are configured as shown in the following table.

You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2. You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.

You need to back up the VMM encryption key.

What should you back up?


A. A full system backup of Server1

B. A full system backup of Server3

C. A backup of the Windows\DigitalLocker folder on Server5

D. A backup of the Windows\DigitalLocker folder on Server1


Explanation/Reference:The VMM Encryption key is stored on the VMM server by default. But for Highly Available VMM setups (when VMM is running in a CLUSTER) the Encryptionkey is stored in Active Directory.

To back up the encryption key we perform a full system Backup of AD.

QUESTION 32You administer a group of servers that run Windows Server 2012 R2.You must install all updates.

You must report on compliance with the update policy on a monthly basis.

You need to configure updates and compliance reporting for new devices.

What should you do?

A. Deploy the Microsoft Baseline Security Analyzer. Scan the servers and specify the /apply switch.

B. In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all required updates.

C. Configure a new group policy to install updates monthly. Deploy the group policy to all servers.

D. In Operations Manager, create an override that enables the software updates management pack. Apply the new override to the servers.



Explanation/Reference:ATT: This question is one of a series of similar questions. I recommend choosing an answer, if the options contain one, that does NOT require System Centerbecause the Question does not mention that System Center is installed.

Also, make sure to select an answer that is able to generate Compliance Reports.

Most Probably Answer Options For This Question Instance:

Configure a new group policy to install updates monthly. Deploy the group policy to all servers.In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all required updates.In Virtual Machine Manager, deploy a new update baseline that includes all required updates.Configure windows server update service(WSUS) to automatically approve all updates. Configure the servers to use the WSUS server for updates

QUESTION 33Your network contains 20 servers that run Windows Server 2012. The servers have the Hyper-V server role installed. You plan to deploy a management solution.

You need to recommend which Microsoft System Center 2012 roles must be deployed to meet the following requirements:

An administrator must be notified when an incident occurs, such as a serious error in the event log, on a Hyper-V host, or on a virtual machine. An administrator must be able to assign an incident to a specific administrator for resolution. An incident that remains unresolved for more than 10 hours must be escalated automatically to another administrator.Administrators must be able to generate reports that contain the details of incidents and escalations.

Which System Center 2012 roles should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Operations Manager and Service Manager

B. Service Manager and Virtual Machine Manager (VMM)

C. Configuration Manager and Service Manager

D. Operations Manager and Orchestrator



Explanation/Reference:Explanation:Operations Manager – This is a MONITORING tool, it monitors things, but it ALSO can create ALERTS. Operations Manager Alerts are basically Events that aretriggered by a predefined action (for example, you can create an Alert that is triggered whenever App1 crashes).

SCOM Alerts can then be exported from Operations Manager by a “connector” which will then import them into a different SC2012 feature such as:Service Manager – When an Alert is imported into Service Manager, it sits there as an “Event” which can then be MANAGED by an Administrator, or delegated, orAdministrated etc.OROrchestrator – When an Alert is imported into Orchestrator, an Orchestrator Runbook can be employed to automate a task that is triggered by the Alert. Forexample, we can configure Orchestrator to automatically restart App1 whenever a specific App1 crash Alert is sent to it.

Here, criteria 1 and 4 are met by Operations Manager, while criteria 2 and 3 are met by Service Manager.

GOLDEN RULE for answering these types of question:1. Orchestrator - AUTOMATES Things!2. Service Manager - WORKFLOWS, Client-Portals, Allows event to be managed by Administrators!3. Operations Manager - MONITORS, Creates Alerts, Creates Reports!

QUESTION 34Your company has a human resources department and a finance department. You are planning an administrative model for both departments to meet the following requirements:

- Provide human resources managers with the ability to view the audit logs for the files of their department.- Ensure that only domain administrators can view the audit logs for the files of the finance department.

You need to recommend a solution for the deployment of file servers for both departments.

What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Deploy two file servers. Add the human resources managers to the local Administrators group on one of the servers.

B. Deploy two file servers. Add the human resources managers to the local Event Log Readers group on one of the servers.

C. Deploy one file server. Add the human resources managers to the local Administrators group.

D. Deploy one file server. Add the human resources managers to the local Event Log Readers group.




QUESTION 35Your network contains multiple servers that run Windows Server 2012. The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections. You have two failover clusters.

The failover clusters are configured as shown in the following table.

You plan to implement 15 highly available virtual machines on Cluster2. All of the virtual machines will be stored in a single shared folder.

You need to ensure that the VHD files of the virtual machines can be stored on the SAN.

What should you do? (Each correct answer presents a complete solution.Choose all that apply.)

A. From a node in Cluster2, create a Virtual Fibre Channel SAN.

B. From a node in Cluster1, create a Virtual Fibre Channel SAN.

C. From Cluster1, add the iSCSI Target Server cluster role.

D. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data type.



From a node in Cluster2, create a Virtual Fibre Channel SANFrom Cluster1, configure the clustered File Server role of the File Server for scale-out


application data type.

File Server for Scale-Out Application Data provides the File Server with the ability to share the same folder from multiple nodes in the Cluster (so fromboth nodes, i our case)iSCSI Target Server Role will expose the SAN Storage through iSCSI for the Guests to see.

Explanation:

* After the virtual machines are connected to the storage system using the virtual Fibre Channel components shared storage can be used by each VM, whichenables Hyper-V guest clustering. Before the virtual Fibre Channel features were available, Hyper-V guest machines were limited to iSCSI connections to enableshared storage for guest clustering.* A new feature in Windows Server 2012 Hyper-V is the ability to create a virtual Fibre Channel SAN. Each guest VM created on Windows Server 2012 includes anew option Add hardware Fibre Channel cards, which can be attributed to World Wide node names(WWNN) and select the virtual combine Virtual SAN FibreChannel adapters.

QUESTION 36Your Active Directory currently contains five virtualized domain controllers that run Windows Server 2012 R2.The system state of each domain controller is backed up daily. The backups are shipped to a remote location weekly.

Your company recently implemented a disaster recovery site that contains several servers. The servers run Windows Server 2012 R2 and have the Hyper-V server role installed. The disaster recovery site has a high-speed WAN link to the main office.

You need to create an Active Directory recovery plan that meets the following requirements:

- Restores the Active Directory if a catastrophe prevents all access to the main office.- Minimizes data loss.

What should you include in the plan?

A. Hyper-V replicas

B. Live migration

C. Virtual machine checkpoints

D. System state restores




QUESTION 37Your network contains an Active Directory domain named contoso.com. The domain contains Server 2012 R2 and has the Hyper-V server role installed.

You need to log the amount of system resources used by each virtual machine.

What should you do?

A. From Windows PowerShell, run the Enable-VMResourceMeteringcmdlet.

B. From Windows System Resource Manager, enable Accounting.

C. From Windows System Resource Manager, add a resource allocation policy.

D. From Windows PowerShell, run the Measure-VM cmdlet.



Enable-VMResourceMeteringcmdlet – begins logging the amount of system resources used by the VM or VMs that you specify in the command.Measure-VM - fetches the logged data for the VM or VMs.

The question asks us to begin logging the data, it does not ask us to fetch that logged data (whch hasn't even been logged yet).

QUESTION 38Your network contains two data centers named DataCenter1 and DataCenter2. The two data centers are connected by using a low-latency high-speed WAN link.Each data center contains multiple Hyper-V hosts that run Windows Server 2012.

All servers connect to a Storage Area Network (SAN) in their local data center.

You plan to implement 20 virtual machines that will be hosted on the Hyper-V hosts. You need to recommend a hosting solution for the virtual machines.

The solution must meet the following requirements:

- Virtual machines must be available automatically on the network if a single Hyper-V host fails.


- Virtual machines must be available automatically on the network if a single data center fails.


A. One failover cluster and one Distributed File System (DFS) Replication group in each data center

B. One failover cluster in DataCenter1 and Hyper-V replicas to DataCenter2

C. One failover cluster that spans both data centers and SAN replication between the data centers

D. One failover cluster in DataCenter2 and one DFS Replication group in DataCenter1



QUESTION 39Your network contains an Active Directory domain named contoso.com. You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers.

You need to identify which technology or technologies must be deployed on the network before you install the federation servers.

Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)


A. Network Load Balancing (NLB)

B. Microsoft Forefront Identity Manager (FIM) 2010

C. The Windows Internal Database feature

D. Microsoft SQL Server 2012

E. The Windows Identity Foundation 3.5 feature

Correct Answer: ADSection: [none]


Explanation


Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:- (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.- (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.- If you will be deploying multiple federation servers at the same time or you know that you will be adding more servers to the farm over time, consider creating aserver image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.- Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for eachIP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned astatic IP address.Reference: When to Create a Federation Server Farm

QUESTION 40You implement a cross-forest enrollment between contoso.com and Fabricam.comYou receive version errors when you deploy updated certificates from the Contoso domain to the Fabricam domain.

You need to ensure that you can deploy the certificates to the fabricam.com domain.

What should you do?

A. Run the following Windows PowerShell script:DumpADObj.ps1 -ForestName fabricam.com

B. Run the following Windows PowerShell script:PKISync.ps1 -sourceforest contoso.com -targetforest fabricam.com -f

C. Run the following Windows PowerShell script:Get-CertificationAuthority contoso.com | Get-PendingRequest | Approve-CertificateRequest

D. Run the following Windows PowerShell script:Get-CertificationAuthority -Name contoso.com | Get-PolicyModuleFlag | Enable-PolicyModuleFlagEnableOCSPRevNoCheck, DisableExtensionList -RestartCA


Explanation/Reference:http://www.certifychat.com/70-414-a/347-ensure-deploy-certificates-fabricam-com-domain.html

Explanation: In cross-forest Active Directory Certificate Services (AD CS) deployments, use DumpADObj.ps1 to troubleshoot


certificate enrollment or PKI object synchronization problems.

Reference: AD CS: DumpADObj.ps1 Script for Cross-forest Certificate Enrollment

https://technet.microsoft.com/en-us/library/ff961505(v=ws.10).aspx

QUESTION 41Your network contains an Active Directory domain named contoso.com.The domain contains a member server named Server 1.Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.

You create an external virtual switch named Switch1.

Switch1 has the following configurations:

- Connection type: External network- Single-root I/O virtualization (SR-IOV): Enabled

Ten virtual machines connect to Switch1.

You need to ensure that all of the virtual machines that connect to Switch1 are isolated from the external network and can connect to each other only. The solution must minimize network downtime for the virtual machines.What should you do?

A. Remove Switch1 and recreate Switch1 as an internal network.

B. Change the Connection type of Switch1 to Private network.

C. Change the Connection type of Switch1 to Internal network.

D. Remove Switch1 and recreate Switch1 as a private network.



To Check

Explanation:


You can change the connection type of a virtual switch from the virtual switch managerwithout having to remove it.A private virtual network is isolated from all external network traffic on the virtualizationserver, as well any network traffic between the management operating system and theexternal network.This type of network is useful when you need to create an isolated networking environment,such as an isolated test domain.:http://technet.microsoft.com/en-us/library/cc816585%28v=WS.10%29.aspxhttp://blogs.technet.com/b/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-fordifferent-types-of-virtualnetworks.aspx

QUESTION 42Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) infrastructure. You plan to provide self-service users with the ability to create virtual machines that run Windows Server 2012 and have the following configurations:

- 8 GB of memory- The File Server server role- Windows Internal Database- A local Administrator password set to 'P@$$w0rd''

You have a VHD that contains a generalized version of Windows Server 2012.

You need to ensure that the self-service users can provision virtual machines that are based on the VHD.

What should you create? (Each correct answer presents part of the solution. Choose all that apply.)

A. A Hardware Profile

B. An Application Profile

C. An Application Host Profile

D. A VM Template

E. A Guest OS Profile

Correct Answer: ADESection: [none]Explanation


01/12/2015 // Checked


Explanation:



QUESTION 43Your network contains 500 client computers that run Windows 7 and a custom application named App1.App1 uses data stored in a shared folder.

You have a failover cluster named Cluster1 that contains two servers named Server1 and Server2. Server1 and Server2 run Windows Server 2012 and are connected to an iSCSI Storage Area Network (SAN).You plan to move the shared folder to Cluster1.

You need to recommend which cluster resource must be created to ensure that the shared folder can be accessed from Cluster1.


A. The Generic Application cluster role


B. The DFS Namespace Server cluster role

C. The clustered File Server role of the File Server for general use type

D. The clustered File Server role of the File Server for scale-out application data type


Explanation/Reference:The question states that the client computers run Windows 7.

Windows 7 or older clients cannot access SMB 3.0 Shares (which is what Scale-Out File Servers use).

Our only other option is to create an File Server for General Use here (the only downside to this is that the shared folder can only be read/accessed from one of thefile servers at a time.. which isnt a huge issue in this scenario).

QUESTION 44You have a Windows Server 2012 R2 failover cluster that contains four nodes. Each node has four network adapters. The network adapters on each node are configured as shown in the following table.

NIC4 supports Remote Direct Memory Access (RDMA) and Receive Side Scaling (RSS). The cluster networks are configured as shown in the following table.

You need to ensure that ClusterNetwork4 is used for Cluster Shared Volume (CSV) redirected traffic.

What should you do?


A. Set the metric of ClusterNetwork4 to 90,000 and disable SMB Multichannel.

B. On each server, replace NIC4 with a 1-Gbps network adapter.

C. Set the metric of ClusterNetwork4 to 30,000 and disable SMB Multichannel.

D. On each server, enable RDMA on NIC4.


Explanation/Reference:Redirected traffic will be sent to the NIC with the LOWEST Metric, but in server 2012 CSVs use SMB Multichannel (which enables traffic to be redirectedusing TWO NICs) so we also need to disable SMB Multichannel to prevent redirected traffic from being sent elsewhere on one of the other NICs.

QUESTION 45Your network contains an Active Directory domain named contoso.com. The network contains two servers named Server1 and Server2.

You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button).

You need to ensure that you can issue certificates based on certificate templates.


What should you do?

A. Configure Server2 as a standalone subordinate CA.

B. On Server1, install the Network Device Enrollment service role service.

C. Configure Server2 as an enterprise subordinate CA.

D. On Server1, run the Add-CATemplate cmdlet.



The Add-CATemplate cmdlet adds a certificate template to the CA for issuing. Certificate templates allow for the customization of a certificate that can be issued bythe CA. Example: Adds a CA template with the template display name Basic EFS and the template name EFS.Windows PowerShell

C:\PS>Add-CATemplate -Name EFS

QUESTION 46

Your network contains an Active Directory domain named contoso.com. The network contains two servers named Server1 and Server2.

You deploy Active Directory Certificate Services (AD CS).The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can issue certificates based on certificate templates.

What should you do?

Exhibit:


A. On Server1, install the Network Device Enrollment Service role service.B. Configure Server2 as a standalone subordinate CAC. On Server1, uninstall, and then reinstall AD CS.D. On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.



Explanation:In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted Offline RootCAs in a CA hierarchy orwhen extranets and the Internet are involved.In a stand-alone CA Certificate templates are not used.An enterprise CA uses certificate types, which are based on a certificate template.

QUESTION 47Your company has a human resources department, a finance department, a sales department, and an R&D department. The company audits the access of documents that contain department-specific sensitive information. You are planning an administrative model for the departments to meet the following requirements:

- Provide R&D managers with the ability to back up all the files of their department only.- Provide finance managers with the ability to view the audit logs for the files of their department only.- Provide human resources managers with the ability to view the audit logs for the files of their department only.- Provide sales managers with the ability to modify the permissions on all the shared folders of their department only.


You need to identify the minimum amount of file servers required on the network to meet the requirements of each department.

How many file servers should you identify?

A. 1

B. 2

C. 3

D. 4



01/12/2015 // Checked

Finance managers & human resources (2 fileserver) need separate for sake of security (If we assign permission for both of them to view audit logs, then they will beable to see ALL audit logs on the server - including that of the other department).

The R&D Managers will need their own file server too because backup operators can view and backup all files on the server.

Sales managers can use either one of he auditing departments fileservers... Finance managers & human resources each have their own file server for auditing, wecan simply throw the Sales managers onto one of those servers and delegate permissions for them (they obviously wont be able to view audit logs of the otherdepartment on the server).

Certbase notes:

If we assume that the head of the Research and Development Department to use Windows Server Backup for backing up your data, the department must have itsown file server. Membership in the Administrators group or the Backup Operators group is required for using Windows Server Backup. Members of these groupscan create backups of all files. The departments accounting and personnel also require each have their own file server.

Here it is important to ensure that the head of department can only view audit records for the files of their own department. The request of the head of salesdepartment can be satisfied on fairly simple manner. The appropriate user accounts can get full access to their department folder and the permissions thenautonomously manage. To meet this requirement, a separate file server is required. Since no monitoring is required, the data can be provided on the file server ofthe accounting or the file server of the HR department.

QUESTION 48Your network contains an Active Directory domain named contoso.com. The network contains 15,000 client computers.

You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and issue certificates to all of the network devices.


You need to recommend a solution to minimize the amount of network utilization caused by certificate revocation list (CRL) checking.

What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. The Network Device Enrollment Service role service

B. An increase of the CRL validity period

C. A reduction of the CRL validity period

D. The Online Responder role service



http://technet.microsoft.com/en-us/library/cc753468.aspx

QUESTION 49Your network contains an Active Directory domain named contoso.com. The domain contains a System Center 2012 R2 Virtual Machine Manager (VMM) deployment.The domain contains 20 Hyper-V hosts that run Windows Server 2012 R2.

Currently, the computer accounts of all of the Hyper-V hosts are in organizational unit (OU) named Virtualization.


You plan to create two private clouds by using VMM named Cloud1 and Cloud2. The virtual machines for Cloud1 will be hosted on two Hyper-V hosts named Server1 and Server2.

The virtual machines for Cloud2 will be hosted on two Hyper-V hosts named Server3 and Server4.

You need to recommend an administrative model for Cloud1 and Cloud2.

Which technology best achieves the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. Two sites and two Application Administrator (Self-Service User) user roles

B. Two host groups and two Application Administrator (Self-Service User) user roles

C. Two OUs and two Application Administrator (Self-Service User) user roles

D. Two logical units and two Tenant Administrator user roles


Explanation/Reference:Host Groups are the "Organizational Units" of VMM! We need two host groups to allow us to delegate permissions and Application Administrator Roles.

User Roles in VMM:

Administrator – This role is exactly what you think, can manages the scope of everything within VMM.

Fabric Administrator – Can perform ALL administrative tasks, but only within a defined Scope. That scope can be a Host Group, a Private Cloud, or one or moreLibrary Servers.

Tenant Administrator - user role can define the scope of tasks performed by self-service users on their VMs, including creating and applying quotas on availableresources. So, this is the user role you should use if you want to give an administrator permission to manage self-service users and the resources they consume.Members of the Tenant Administrator user role can also manage VM networks, including managing and deploying their own VMs within a defined scope. The scopeis limited to private cloud objects.

Application Administrator - user role can deploy and manage their own VMs within the scope and quotas defined by higher-level administrators. Note that thisuser role is called the Self-Service User user role in VMM 2012 RTM.

QUESTION 50Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2.All servers have the Hyper-V server role and the Failover Clustering feature installed.


You need to replicate virtual machines from Cluster1 to Cluster2.

Which three actions should you perform? (Each correct answer presents part of the solution.Choose three.)

A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.

B. From Cluster2, add and configure the Hyper-V Replica Broker role.

C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.

D. From Cluster1, add and configure the Hyper-V Replica Broker role.

E. From Hyper-V Manager on a node in Cluster2 modify the Hyper-V settings.

Correct Answer: BCDSection: [none]Explanation


These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker role on each cluster the last step should be enabling replication onthe VMs.

QUESTION 51Your network contains four servers, The servers are configured as shown in the following table.You manage all of the servers and all of the clusters by using Microsoft System Center 2012 Virtual Machine Manager (VMM).

You plan to implement Dynamic Optimization for the virtual machines.

You need to recommend a configuration for the planned implementation.



A. Dynamic Optimization on Cluster3 and Cluster4 onlyVirtual machines that are balanced across the clusters

B. Dynamic Optimization on all of the clustersVirtual machines that are balanced across the nodes in the clusters

C. Dynamic Optimization on all of the clustersVirtual machines that are balanced across the clusters

D. Dynamic Optimization on Cluster1 and Cluster2 onlyVirtual machines that are balanced across the nodes in the clusters



Dynamic Optimization is compatible with Xen & VMware Servers.

So here we can implement Dynamic Otimization on ALL clusters. Dynamic Optimization will not balance nodes between clusters though.




http://searchsystemschannel.techtarget.com/feature/Using-Microsoft-Cluster-Services-for-virtual-machineclustering


You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2.

Web1 and Web2 run Windows Server 2012.

Users use the name intranet.contoso.com to request the web site and use DNS round robin.

You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.


You need to recommend changes to the DNS records for the planned implementation.



A. Create one alias (CNAME) record named Intranet. Map the CNAME record to Intranet.

B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.

C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.

D. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.


Explanation/Reference:Need to check

Remove both host (A) records named Intranet. Create a new host (A) record namedIntranet

QUESTION 53Your company has a main office and a branch office. Each office contains several hundred computers that run Windows 2012. You plan to deploy two Windows Server Update Services (WSUS) servers.

The WSUS servers will be configured as shown in the following table.You need to implement the WSUS infrastructure to meet the following requirements:

- All updates must be approved from a server in the main office. - All client computers must connect to a WSUS server in their local office.

What should you do? (Each correct answer presents part of the solution. Choose all that apply.)


A. Deploy a Group Policy object (GPO) that has the update location set to Server1.

B. On Server2, configure WSUS in Replica mode.

C. On Server1, configure WSUS in Replica mode.

D. On Server2, configure WSUS in Autonomous mode.

E. Deploy a Group Policy object (GPO) that has the update location set to Server2.

F. On Server1, configure WSUS in Autonomous mode.

Correct Answer: ABEFSection: [none]Explanation



We simply need to configure the downsteam server (server 2) as a replica server, and the use the GPO in the branch office to point the local branch clients toServer2 for updates.

We also need to have a GPO in the main office to point the main office clients to Server 1 for updates.

We do not need Autonomous mode - Autonomous mode will allow the Upstream server (server1) to share updates with the downstream server (server2) but it willNOT allow it to share update approval status. The requirement specifies that all updates must be approved on server 1.



QUESTION 54Your company has an office in New York. Many users connect to the office from home by using the Internet.

You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1.

CA1 is only available from hosts on the internal network. You need to ensure that the certificate revocation list (CRL) is available to all of the users.

What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A. Create a scheduled task that copies the CRL files to a Web server.

B. Run the Install-ADCSWebEnrollment cmdlet.

C. Run the Install-EnrollmentPolicyWebService cmdlet.

D. Deploy a Web server that is accessible from the Internet and the internal network.

E. Modify the location of the Authority Information Access (AIA).


F. Modify the location of the CRL distribution point (CDP).

Correct Answer: ADFSection: [none]Explanation


D: access to CRLs for the 'Internet scenario' is fully supported and includes the following features:CRLs will be located on Web servers which are Internet facing. CRLs will be accessed using the HTTP retrieval protocol. CRLs will be accessed using an external URL of

http://dp1.pki.contoso.com/pk

F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able tocheck for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server.

To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the networklocation server. This procedure describes how to do the following:

Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL distribution shared folder

Reference: Configure a CRL Distribution Point for Certificates

QUESTION 55Your network contains an Active Directory domain named contoso.com. You plan to implement Microsoft System Center 2012.

You need to identify which solution automates the membership of security groups for contoso.com.

The solution must use workflows that provide administrators with the ability to approve the addition of members to the security groups.

Which System Center 2012 roles should you identify?

A. Service Manager and Virtual Machine Manager (VMM)

B. Configuration Manager and Orchestrator

C. Operations Manager and Orchestrator


D. Orchestrator and Service Manager


Explanation/Reference:Service Manager is an automated helpdesk solution when combined with one or two of the other SC2012 features (see below); contains self-service portal.

Service Manager uses Workflows; which are a sequence of activities that automate a business process. When an Alert is imported into Service Manager, itsits there as an “Event” which can then be MANAGED by an Administrator, or delegated, or Administrated etc!!!

Orchestrator as we know, is used to AUTOMATE things.

In this case, we use Orchestrator to automate the addition of members to security groups, and the Service Manager Workflows to allow the administrators toapprove the additions before implementing them

Here: We do not need to monitor anything, so we don't need Operations Manager. We do need WORKFLOWS, which is provided by Service Manager along withthe ability to allow an Event to sit in Service Manager and wait for Administrator Interaction.

GOLDEN RULE for answering these types of question:1. Orchestrator - AUTOMATES Things!2. Service Manager - WORKFLOWS, Client-Portals, Allows event to be managed by Administrators!3. Operations Manager - MONITORS, Creates Alerts, Creates Reports!

recommend an auditing solution to meethttp://www.microsoftvirtualacademy.com/tracks/system-center-2012-orchestrator-service-manager

QUESTION 56Your network contains an Active Directory domain named contoso.com.You plan to implement Network Load Balancing (NLB).

You need to identify which network services and applications can be load balanced by using NLB.


Which services and applications should you identify?

A. Microsoft SQL Server 2012 Reporting Services

B. A failover cluster

C. A DHCP server

D. A Microsoft Exchange Server 2010 Mailbox server

E. A file server

F. A Microsoft SharePoint Server 2010 front-end Web server

Correct Answer: AFSection: [none]Explanation

Explanation/Reference:NLB is ONLY usable on STATELESS network services – ie: Read-only services, like front end web servers, or SQL reporting servers. (on servers that donot allow the clients to change/modify anything).

QUESTION 57Your network contains five servers that run Windows Server 2012. You install the Hyper-V server role on the servers.

You create an external virtual network switch on each server.

You plan to deploy five virtual machines to each Hyper-V server.

Each virtual machine will have a virtual network adapter that is connected to the external virtual network switch and that has a VLAN identifier of 1. Each virtual machine will run Windows Server 2012.

All of the virtual machines will run the identical web application.

You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual machine to an NLB cluster. The cluster will be configured to use unicast only.

You need to ensure that the NLB feature can distribute connections across all of the virtual machines. What should you do?

A. From the properties of each virtual machine, add a second virtual network adapter.Connect the new virtual network adapters to the external virtual network switch.Configure the new virtual network adapters to use a VLAN identifier of 2.

B. On each Hyper-V server, create a new private virtual network switch.


From the properties of each virtual machine, add a second virtual network adapter.Connect the new virtual network adapters to the new private virtual network switches.

C. On each Hyper-V server, create a new external virtual network switch.From the properties of each virtual machine, add a second virtual network adapter.Connect the new virtual network adapters to the new external virtual network switches.

D. From the properties of each virtual machine, enable MAC address spoofing for the existing virtual network adapter.



01/12/2015 // Checked

Explanation:

MAC spoofingThe changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowingit to impersonate another network device. A user may wish to legitimately spoof the MAC address of a previous hardware device in order to reacquire connectivity after hardware failure.


http://blogs.technet.com/b/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008-r2-part-2-macspoofing.aspx

QUESTION 58

You have a server named Host1 that runs Windows Server 2012 and has the Hyper-Vserver role installed.

Host1 has one physical network adapter. You plan to deploy 15 virtual machines on Host1.

You need to implement a networking solution that ensures that all of the virtual machines use PXE to boot when they connect toWindows Deployment Server (WDS).


What should you do?

A. Install legacy network adapters for each virtual machineB. Modify the settings of the virtual switch.C. Modify the settings of the network adapter for each virtual machine.D. Install a second physical network adapter



Explanation: Since Windows Server 2012 R2 (WS2012 R2) Hyper-V and Windows 8.1 Client Hyper-V, there are two generations ofvirtual machine hardware specification.

Generation 1 virtual machines (the only generation on legacy versions of Hyper-V) make things a little tricky when it comes to PXEbooting. The default (and better performing) synthetic Network Adapter (that leverages the Hyper-V integration components) does notsupport booting off of the network in Generation 1 virtual machines. If you do want to boot this type of virtual hardware using PXE thenyou must add an emulated Legacy Network Adapter.

Reference: Boot a Hyper-V Virtual Machine Using PXE

https://www.petri.com/boot-hyper-v-virtual-machine-using-pxe

QUESTION 59

Your network contains an Active Directory domain named adatum.com. The domaincontains a server named ADFS1.

You plan to deploy Active Directory Federation Services (AD FS) to ADFS1.

You plan to register the company’s SMTP domain for Office 365 and to configure single sign-on for all users.

You need to identify which certificate or certificates are required for the planneddeployment.


Which certificate or certificates should you identify? (Each correct answer presents acomplete solution. Choose all that apply.)

A. a certificate that is issued by an internal certification authority and that contains the subject name ADFS1B. a certificate that is issued by an internal certification authority and that contains the subject name adfs1.adatum.com.C. a certificate that is issued by a trusted third-party root certification authority and that contains the subject name ADFS1D. self-signed certificates for adfs1.adatum.comE. a certificate that is issued by a trusted third-party root certification authority and that contains the subject name adfs1.adatum.com

Correct Answer: AESection: [none]Explanation


Need to Check

Explanation: E (not C, not D): Setting up AD FS requires the use of a third party SSL certificate. Make sure you match the certificate’ssubject name with the Fully Qualified Domain Name of the server.

Reference: Geek of All Trades: Office 365 SSO: A Simplified Installation Guide

https://technet.microsoft.com/en-us/magazine/jj631606.aspx

QUESTION 60Your network contains an Active Directory domain named contoso.com. The network contains a perimeter network.

The perimeter network and the internal network are separated by a firewall.

On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.

You deploy Active Directory Certificate Services (AD CS).

Each user is issued a smart card. Users report that when they work remotely, they are unable to renew their smart card certificate.

You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet.

What should you recommend implementing on Server1?


More than one answer choice may achieve the goal. Select the BEST answer.

A. The Certification Authority Web Enrollment role service and the Online Responder role service

B. The Active Directory Federation Services server role

C. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service role service

D. An additional certification authority (CA) and the Online Responder role service



01/12/2015 // Checked

Explanation:

http://technet.microsoft.com/en-us/library/dd759230.aspx


The network contains a server named Server1 that has the Hyper-V server role installed.


Server1 hosts a virtual machine named VM1.

You deploy a new standalone server named Server2.You install the Hyper-V server role on Server2.

Another administrator named Admin1 plans to create a replica of VM1 on Server2.

You need to ensure that Admin1 can configure Server2 to receive a replica of VM1.

To which group should you add Admin1?

A. Server Operators

B. Domain Admins

C. Hyper-V Administrators

D. Replicator




The domain contains 20 servers that run Windows Server 2012.

The domain contains a Microsoft System Center 2012 infrastructure.

A web application named WebApp1 is installed on the 20 servers.

You plan to deploy a custom registry key for WebApp1 on the 20 servers.

You need to deploy the registry key to the 20 servers.

The solution must ensure that you can verify whether the registry key was applied successfully to the servers.


A. From Operations Manager, create a monitor.


B. From the Group Policy Management console, create a Group Policy object (GPO).

C. From Configuration Manager, create a Compliance Settings.

D. From Orchestrator Runbook Designer, create a runbook.


Explanation/Reference:System Center Configuration Manager can be used to deploy software (including registry keys) to clients and servers.SCCM also generates reports after deployments, which you can then use to verify deployment success/failure.https://technet.microsoft.com/en-us/library/bb680619.aspx

Explanation:


QUESTION 63Your network contains servers that run only Windows Server 2012.You have five storage pools. The storage pools are configured as shown in the following table.


You need to identify which storage pools can be used as Clustered Resources.

Which storage pools should you identify?

A. StoragePool1

B. StoragePool2

C. StoragePool3

D. StoragePool4

E. StoragePool5



To support clustered storage spaces the Disk bus type must be SAS. Storage Spaces do not support iSCSI and Fibre Channel controllers

https://technet.microsoft.com/en-us/.../jj822937.aspx

http://www.certifychat.com/70-414-a/295-storage-pools-identify.html?highlight=storage+pools.+storage+pools+configured+shown+table.

QUESTION 64A company has offices in Seattle and Shanghai. You use Hyper-V Server as the server 2012 R2 virtualization platform. Each office has a secured server roomwhere all the servers are located. Eighty percent of the company’s servers are virtual.

The company signs a data center services agreement with a vendor that is located in New York. The agreement includes a 1GB per second link to the collocation


facility in New York.

The link between the Seattle and Shanghai offices is slow and unreliable.

You must design and implement a cost-effective data recovery solution to replicate virtual servers from Seattle to both New York and Shanghailocations.

The solution must support the following requirements.

Perform failover replication from Seattle to New York.Perform scheduled replication between as many location as possible.In case of a disaster, a fast failover should be possible to the replicated servers with minimal changes required tothe existing infrastructure.

Which two actions should you perform? Each correct answer presents a part of the solution.

A. Use Hyper-V Replica unplanned failovers.

B. User Hyper-V Replica planned failovers.

C. Configure the Seattle Hyper-V server as the primary replica server and the New York Hyper-V server as the secondary replica Server.

D. Configure the Seattle Hyper-V server as the primary replica server and the Shanghai Hyper-V server as the secondary replica server



Use Hyper-V Replica unplanned failoversConfigure the Seattle Hyper-V server as the primary replica server and the New YorkHyper-V server as the secondary replica server.

http://www.certifychat.com/70-414-a/348-design-implement-cost-effective-data-recovery-solution.html?highlight=design+implement+cost-effective+data+recovery+solution+replicate+virtual+servers+Seattle+York+Shanghai+locations.

QUESTION 65Your network contains an internal network and a perimeter network.

The internal network contains an Active Directory domain named contoso.com. All client computers in the perimeter network are part of a workgroup.


The internal network contains a Microsoft System Center 2012 infrastructure.

You plan to implement an update infrastructure to update the following:

- Windows Server 2012- System Center 2012- Windows Server 2003- Microsoft SQL Server 2012- Third-party visualization hosts- Microsoft SharePoint Server 2010

Another administrator recommends implementing a single WSUS server to manage all of the updates.

You need to identify which updates can be applied by using the recommended deployment of WSUS.

What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A. Third-party virtualization hosts

B. System Center 2012

C. Windows Server 2012

D. SharePoint Server 2010

E. Windows Server 2003

F. SQL Server 2012

Correct Answer: BCDEFSection: [none]Explanation


All Windows Products can be updated by WSUS.

Windows Sharepoint Services updates are released in the Operating System product category, so if you are running WSS on Windows Server 2008 R2, and havethe OS synchronized, they should already be synchronized and detected.

Microsoft Office Sharepoint Server updates are released in the Office product category associated with the release version. (E.g. MOSS 2007 updates will be foundin the Office 2007 product category.)

http://social.technet.microsoft.com/Forums/da/winserverwsus/thread/b6d908a9-6fce-43e6-88b2-d38a5d8e029e


QUESTION 66Your network contains an Active Directory domain named contoso.com. The domain contains four servers on a test network. The servers are configured as shown in the following table.

Server1 uses the storage shown in the following table.

You perform the following tasks:

- On Server2, you create an advanced SMB share named Share2A and an applications SMB share named Share2B.- On Server3, you create an advanced SMB share named Share3.- On Server4, you create an applications SMB share named Share4.

You add Server3 and Server4 to a new failover cluster named Clus1. On Clus1, you configure the File Server for general use role, you create a quick SMB sharenamed Share5A, and then you create an applications SMB share named Share5B.

You plan to create a failover cluster of two virtual machines hosted on Server1. The clustered virtual machines will use shared .vhdx files. You need torecommend a location to store the shared .vhdx files.

Where should you recommend placing the virtual hard disk (VHD)?



A. \\Clus1\Share5A

B. \\Server2\Share2A

C. \\Server4\Share4

D. the D drive on Server1



vhdx files can be housed on a continuously-available SMB share on a Windows Storage Server 2012 R2 failover cluster.

QUESTION 67Your company has three offices. The offices are located in Seattle, London, and Tokyo.

The network contains an Active Directory domain named northwindtraders.com. Each office is configured as an Active Directory site.

System Center 2012 R2 Operations Manager is deployed to the domain. The servers in all three sites are monitored by using Operations Manager.

The company has a web site for its customers. The web site requires users to sign-in.

You need to recommend a solution to monitor the web site.


- Monitor the availability of the web site from locations in North America, Europe, Asia, and Australia.- Monitor multi-step requests to the web site.- Use a central console for monitoring.


A. Import the System Center Global Services Monitoring Management Pack and add the Web Application Availability Monitoring monitoring type.

B. Add the Web Application Transaction monitoring type and configure watcher nodes.

C. Add the TCP Port monitoring type and configure watcher nodes.


D. Import the System Center Global Services Monitor Management Pack and add the Visual Studio Web Test Monitoring monitoring type.


Explanation/Reference:The answer is D.

Visual Studio Web Test Supports Multistep AND External Server testing.

http://www.systemcentercentral.com/which-is-the-best-synthetic-web-transaction-to-use-in-operations-manager-for-my-requirements-scom-sysctr/

QUESTION 68Your network contains an Active Directory domain. The domain contains 10 file servers. The file servers connect to a Fibre Channel SAN.

You plan to implement 20 Hyper-V hosts in a failover cluster.The Hyper-V hosts will not have host bus adapters (HBAs).

You need to recommend a solution for the planned implementation that meets the following requirements:

- The virtual machines must support live migration.- The virtual hard disks (VHDs) must be stored on the file servers.

Which two technologies achieve the goal? Each correct answer presents a complete solution.


A. Cluster Shared Volume (CSV)

B. An NFS share

C. Storage pools

D. SMB 3.0 shares


Explanation/Reference:Cluster-Shared Volumes require Host-Bus Adapter (HBA) hardware to be installed on the Physical NIC, so it cannot be implemented here.

Answer:

Scale-Out File Server:These are active-active File Servers, which means data can be accessed off of multiple File Server Cluster Nodes simultaneously using the "Continuous Availability"feature in SMB 3.0 - be advised, SMB 3.0 cannot be accessed by clients running Windows 7 or older!

To meet the requirements, we can create a storage pool from the file servers (who will run the Scale-Out File Server Role, using continuous avialability) and thenconfigure them to host an SMB 3.0 share for the VHDs of the Virtual Machines.

To create an SMB 3.0 Share Across Multiple File Server:SMB Transparent Failover has the following requirements:

A failover cluster running Windows Server 2012 with at least two nodes. File Server role is installed on all cluster nodes. Clustered file server configured with one or more file shares created with the continuously available property. This is the default setting. SMB client computers running the Windows 8 client or Windows Server 2012.

http://blogs.technet.com/b/clausjor/archive/2012/06/07/smb-transparent-failover-making-file-shares-continuously-available.aspx

QUESTION 69You have a server named Server1 that runs Windows Server 2012 R2.

You plan to enable Hyper-V Network Virtualization on Server1.

You need to install the Windows Network Virtualization Filter Driver on Server1.

Which Windows PowerShell cmdlet should you run?


A. Set-NetVirtualizationGlobal

B. Enable-NetAdapterBinding

C. Add - WindowsFeature

D. Set-NetAdapterVmq



Hyper-V Network Virtrtualization runs multiple virtual networks on a physical network. And each virtual network operates as if it is running as a physical network.

The The Set-NetAdaptercmdlet sets the basic properties of a network adapter such as virtual LAN (VLAN) identifier (ID) and MAC address.

Thus if you add the binding parameter to the command then you will be able to install the Windows Network Virtualization Filter Driver.

Step one:Enable Windows Network Virtualization (WNV). This is a binding that is applied to the NIC that you External Virtual Switch is bound to.

This can be a physical NIC, it can be an LBFO NIC team. Either way, it is the network adapter that your External Virtual Switch uses to exit the server.This also means that if you have multiple virtual networks or multiple interfaces that you can pick and choose and it is not some global setting.If you have one External Virtual Switch this is fairly easy:

$vSwitch = Get-VMSwitch -SwitchType External# Check if Network Virtualization is bound# This could be done by checking for the binding and seeing if it isenabledForEach-Object - InputObject $vSwitch {if ((Get-NetAdapterBinding -ComponentID "ms_netwnv" - InterfaceDescription $_.NetAdapterInterfaceDescription).Enabled -eq $false){ # Lets enable itEnable-NetAdapterBinding -InterfaceDescription $_.NetAdapterInterfaceDescription -ComponentID "ms_netwnv"}}

QUESTION 70Your network contains an Active Directory domain named contoso.com.The domain contains a server named Server1.

Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. On Server1, an administrator creates a virtual machine named VM1.

A user named User1 is the member of the local Administrators group on Server1. User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the Exhibit button.)


You need to ensure that User1 can modify the settings of VM1 by running the Set-Vmcmdlet.

What should you instruct User1 to do?

A. Run Windows PowerShell with elevated privileges.

B. Install the Integration Services on VM1.

C. Modify the membership of the local Hyper-V Administrators group.

D. Import the Hyper-V module.



You can only use the PowerShell snap-in to modify the VM settings with the vmcmdlets when you are an Administrator.Thus best practices dictate that User1 run the Powershell with elevated privileges.


QUESTION 71You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V. You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012. Distributed Key Management is not installed. You have the following servers in the environment:



- You must back up virtual machines at the host level.- You must be able to back up virtual machines that are configured for live migration.- You must be able to restore the entire VMM infrastructure.

You need to design and implement the backup plan.

What should you do?

A. Run the following Windows PowerShell command:Get-VM VMM1 | Checkpoint-VM-SnapshotName "VMM backup"

B. Run the following Windows PowerShell command:Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1

C. Configure System State Backup for DCL.

D. Configure backup for all disk volumes on FILESERVER1



Run the following Windows PowerShell command:


Checkpoint-VM -Name DPM1 -ComputerName SQL1

Explanation:

DPM can protect Hyper-V virtual machines V during live migration. Connect servers--Run the the Set-DPMGlobalProperty PowerShell command to connect all the servers that are running Hyper-V to all the DPM servers.The cmdlet accepts multiple DPM server names.Set-DPMGlobalProperty -dpmservername <dpmservername> -knownvmmservers <vmmservername>


QUESTION 72Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and Server2 have the Hyper-V server role installed and are part of a host group named Group1 in Microsoft System Center 2012 Virtual Machine Manager(VMM).

Server1 and Server2 have identical hardware, software, and settings. You configure VMM to migrate virtual machines if the CPU utilization on a host exceeds 65 percent. The current load on the servers is shown following table.

You start a new virtual machine on Server2 named VM8. VM8 has a CPU utilization of 20 percent.

You discover that none of the virtual machines hosted on Server2 are migrated to Server1.

You need to ensure that the virtual machines hosted on Server2 are migrated to Server1.

What should you modify from the Dynamic Optimization configuration?

A. The Host Reserve threshold


B. The Aggressiveness level

C. The Dynamic Optimization threshold

D. The Power Optimization threshold


Explanation/Reference:Correct is B

Host Reserve Threshold – defines the amount of resources that are reserved for the Hyper-V Host’s Operating System.

Power Optimization Threshold – defines power optimization settings. Can automatically power a machine on or off according to settings.

Aggressiveness Level: Aggressiveness determines the amount of load imbalance that is required to initiate a migration during Dynamic Optimization.

QUESTION 73Your network contains a Hyper-V host named Host1. Host1 hosts 25 virtual machines.

All of the virtual machines are configured to start automatically when Host1 restarts.

You discover that some of the virtual machines fail to start automatically when Host1 restarts and require an administrator to start them manually.

You need to modify the settings of the virtual machines to ensure that they automatically restart when Host1 restarts.

Which settings should you modify?

A. Memory weight

B. Maximum RAM

C. Startup RAM

D. Minimum RAM




QUESTION 74Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.

HV1 hosts a virtual machine named VM1.

The virtual machine configuration file for VM1 is stored in D:\VM and the virtual hard disk file is stored in E:\VHD.You plan to replace drive E with a larger volume.

You need to ensure that VM1 remains available from HV1 while drive E is being replaced.

You want to achieve this goal by using the minimum amount of administrative effort.What should you do?

A. Perform a live migration to HV2.

B. Add HV1 and HV2 as nodes in a failover cluster.Perform a storage migration to HV2.

C. Add HV1 and HV2 as nodes in a failover cluster.Perform a live migration to HV2.

D. Perform a storage migration to Server1.



QUESTION 75Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure.

All client computers have a custom application named App1 installed.

App1 generates an Event ID 42 every time the application runs out of memory.

Users report that when App1 runs out of memory, their client computer runs slowly until they manually restart App1.

You need to recommend a solution that automatically restarts App1 when the application runs out of memory.



A. From Configurations Manager, create a desired configuration management baseline,

B. From Operations Manager, create an alert.

C. From Windows System Resource Manager, create a resource allocation policy.

D. From Event Viewer, attach a task to the event.



http://www.systemcenterinsight.com/creating-alerts-view-in-operations-manager-2012/

QUESTION 76Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and Server2 are connected to a Fibre Channel Storage Area Network (SAN).

Server1 and Server2 are members of a failover cluster named Cluster1.

You plan to host the clustered File Server role on the nodes in Cluster1. Cluster1 will store application databases in shared folders.

You need to implement a storage solution for Cluster1.


The solution must minimize the amount of time the shared folders are unavailable during a failover.

What should you implement? More than one answer choice may achieve the goal. Select the BEST answer.

A. An iSCSI Target Server cluster role in Cluster1

B. The Multi Path I/O (MPIO) feature on Server1 and Server2

C. A Virtual Fibre Channel SAN on Server1 and Server2

D. A Cluster Shared Volume (CSV) in Cluster1



01/12/2015 // Checked

This allows a PHYSICAL cluster to connect to a SAN or Fibre-Channel SAN and use the SAN to host shared storage for the cluster. This will minimize downtimeduring failover because both Server 1 and Server 2 will have red-and-write access to the SAN simultaneously. Both nodes can failover quickly because they do notneed to dismount or remount their VHDs as they share the same storage.

Not C - Virtual Fibre Channel SAN doesn't even apply here as our nodes are physical servers.Not A - iSCSI Target Server Role will only allow clients or other servers to access the SAN through Servers 1 and 2.Not B - Not Applicable Here.

Explanation:



QUESTION 77Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS).

Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.

Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email messages.

You need to ensure that the client computers in both Contoso and Fabrikam trust each other's email certificates.

The solution must prevent other certificates from being trusted.


A. Implement an online responder in each company.

B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store byusing Group Policy objects (GPOs).

C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policyobjects (GPOs).

D. Implement cross-certification in each company.




QUESTION 78You install the Service Manager Self-Service Portal on a server named CONTOSOSSP1.

Users report that they receive access denied messages when they try to connect to the portal.

You must grant users the minimum required permissions.

You need to ensure that all users in the Contoso domain can access the Service Manager Self- Service Portal.

What should you do?

A. In Active Directory, create a new group named PortalUsers. Add the PortalUsers group to the Contoso\Domain Users group, and then add the group to the local users group on CONTOSOSSP1.

B. Using the account that you used to install the Self-Service portal, grant the Contoso\Domain Users group Read permissions to the portal.

C. In Service Manager, create a new user role named PortalUsers. Grant the PortalUsers role rights to all catalog items, and then add the Contoso\Domain Users Active Directory Domain Services group to the PortalUsers role.

D. Using the account that you used to install the Self-Serviceportal, grant the Contoso\Domain Users group Contribute permissions to the portal.



Using the account that you used to install the Self-Serviceportal, grant the Contoso\Domain Users group Contribute permissions to the portal.

Self Service Portal Users only need READ Access.

http://www.certifychat.com/70-414-a/272-install-service-manager-self-service-portal-server-named-contosossp1.html?highlight=ensure+users+Contoso+domain+access+Service+Manager+Self-+Service+Portal.

QUESTION 79


Your network contains three networks named LAN1, LAN2, and LAN3.You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed. Hyper1 has three network adapters.

The network adapters are configured as shown in the following table.Hyper1 hosts 10 virtual machines.

A virtual machine named VM1 runs a line-of-business application that is used by all of the users of LAN1. All of the other virtual machines are connected to LAN2.

You need to implement a solution to ensure that users can access VM1 if either NIC1 or NIC2 fails. What should you do?

A. From the properties of each virtual network adapter, enable network adapter teaming, and then modify the bandwidth management settings.

B. From the properties of each virtual network adapter, enable network adapter teaming, and then enable virtual LAN identification.

C. From the properties of each physical network adapter, enable network adapter teaming, and then add a second legacy network adapter to VM1.

D. From the properties of each physical network adapter, enable network adapter teaming, and then create a virtual switch.



NIC Teaming Overview

https://technet.microsoft.com/en-us/library/hh831648.aspx Updated: November 5, 2014Applies To: Windows Server 2012 R2

NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a computer to be placed into a team for the followingpurposes:


Bandwidth aggregationTraffic failover to prevent connectivity loss in the event of a network component failureThis feature has been a requirement for independent hardware vendors (IHVs) to enter the server network adapter market, but until now NIC Teaming has not beenincluded in Windows Server operating systems.For more information about NIC Teaming in Windows Server® 2012 R2, see Windows Server 2012 R2 NIC Teaming (LBFO) Deployment and Management.For more information about NIC Teaming in Windows Server® 2012, see Windows Server 2012 NIC Teaming (LBFO) Deployment and Management.

https://technet.microsoft.com/en-US/library/mt179272.aspx

QUESTION 80Your network contains a Hyper-V cluster named Cluster1.

You install Microsoft System Center 2012 Virtual Machine Manager (VMM).

You create a user account for another administrator named User1.

You plan to provide User1 with the ability to manage only the virtual machines that User1 creates.

You need to identify what must be created before you delegate the required permissions.


A. A cloud

B. A service template

C. A host group

D. A Delegated Administrator



01/12/2015 // Checked Explanation:

VMM uses "Host Groups" in the same way ADDS uses OUs (Organizational Units) to delegate permissions and scope.



You can assign host groups to the Delegated Administrator and the Read-Only Administrator user roles to scope the user roles to specific host groups. Members of these user roles can view and manage the fabric resources that are assigned to them at the host group level.

You can create a private cloud from resources in host groups. When you create a private cloud, you select which host groups will be part of the private cloud. You can then allocate all or some of the resources from the selected host groups to the private cloud.

QUESTION 81

Your network contains an Active Directory domain named contoso.com. The domaincontains several domain controllers. The domain controllers run either Windows Server 2012 or Windows Server 2008 R2.


The domain functional level is Windows Server 2008 R2. The forest functional level is Windows Server 2008.

The corporate compliance policy states that all items deleted from Active Directory must be recoverable from a Recycle Bin.

You need to recommend changes to the current environment to meet the compliancepolicy.

Which changes should you recommend? (Each correct answer presents part of thesolution. Choose all that apply.)


A. Run the Set-ADForestMode cmdlet.B. Run the New-ADObject cmdlet.C. Run the Set-ADObject cmdlet.D. Run the Set-ADDomainMode cmdlet.E. Run the Enable-ADOptionalFeature cmdlet.

Correct Answer: AESection: [none]Explanation


Explanation:A: You can enable Active Directory Recycle Bin only if the forest functionallevel of your environment is set to Windows Server 2008 R2.The Set-ADForestMode cmdlet sets the Forest mode for an Active Directory forest. You specify the forest mode by setting theForestMode parameter. Here we should set it to Windows2008R2Forest.

E: Enabling Active Directory Recycle BinAfter the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by


using the following methods:/ Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.) / Ldp.exe

QUESTION 82Your network contains an Active Directory forest named contoso.com. The forest contains multiple servers that run Windows Server 2012. The network contains 1,000 client computers that run Windows 7.

Two hundred remote users have laptop computers and only work from home. The network does not provide remote access to users.

You need to recommend a monitoring solution to meet the following requirements:

- Generate a list of updates that are applied successfully to all computers.- Minimize the amount of bandwidth used to download updates.- An administrator must approve the installation of an update on any client computer.

What should you include in the recommendation? (Each Answer presents part of the solution. Choose all that apply.)

A. Microsoft Asset Inventory Service (AIS)

B. Windows InTune

C. Windows Server Update Services (WSUS)

D. Active Directory Federation Services (AD FS)

E. Microsoft System Center 2012 Service Manager



Can also include Microsoft Asset Inventory Service (AIS)

B & C.

Windows InTune can be used to manage remote clients and deploy updates to them even when they are not connected to the domain, or are not even domainusers.

Intune handles the updates & reporting for the 200 remote users. They use their own Internet to get the updates


WSUS handles the “in-office” updates & reporting and satisfies the requirement of minimizing bandwidth for downloading updates.

QUESTION 83A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2.

Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and NewYorkAdmins,respectively.

You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data centers, respectively.You have the following requirements:

Administrators from each data center must be able to manage the virtual machines and services from their location byusing a web portal.Administrators must not apply new resource quotas or change resource quotas. You must manage public clouds by using the existing SCVMM server. You must use the minimum permissions required toperform the administrative tasks.

You need to configure the environment.

What should you do?

A. For both the Seattle and New York admin groups, create a User Role and assign it to the Application Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

B. For both the Seattle and New York admin groups, create a User Role and assign it to the Delegated Administrator profile.Add the Seattle and New York private clouds to the corresponding User Role.

C. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host in Seattle and New York, respectively.


Explanation/Reference:User Roles in VMM:

Administrator – This role is exactly what you think, can manages the scope of everything within VMM.


Fabric Administrator – Can perform ALL administrative tasks, but only within a defined Scope. That scope can be a Host Group, a Private Cloud, or one or moreLibrary Servers.

Tenant Administrator - user role can define the scope of tasks performed by self-service users on their VMs, including creating and applying quotas on availableresources. So, this is the user role you should use if you want to give an administrator permission to manage self-service users and the resources they consume.Members of the Tenant Administrator user role can also manage VM networks, including managing and deploying their own VMs within a defined scope. The scopeis limited to private cloud objects.

Application Administrator - user role can deploy and manage their own VMs within the scope and quotas defined by higher-level administrators. Note that thisuser role is called the Self-Service User user role in VMM 2012 RTM.


You deploy a service named Service1 by using a service template. Service1 contains two virtual machines. The virtual machines are configured as shown in the following table.

You need to recommend a monitoring solution to ensure that an administrator can review the availability information of Service1.

What should you do?

A. From Configuration Manager, create a Collection and a Desired Configuration Management baseline.

B. From Virtual Machine Manager (VMM), modify the properties of the service template.

C. From Operations Manager, create a Distributed Application and a Monitor Override.

D. From Operations Manager, create a Distributed Application and a Service Level Tracking object.




http://www.windowsitpro.com/article/system-center/dashboards-operations-manager-2012-141491


QUESTION 85You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.

VM1 has several snapshots.


You need to modify the snapshot file location of VM1.

What should you do?

A. Delete the existing snapshots, and then modify the settings of VM1.

B. Right-click VM1, and then click Move. ..

C. Right-click VM1, and then click Export...

D. PauseVM1, and then modify the settings of VM1.



You will need to navigate to the Hyper-V Management snap-in (C:\ProgramData\Microsoft\Windows\Hyper-V) and from there access the Snapshot file Location tabwhere you can change the settings for the VM1 snapshot file location. However, since there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of thesnapshot file while there is an existing snapshot. You need to modify the snapshot file location of VM1.

QUESTION 86Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS).

You plan to deploy 100 external Web servers that will be publicly accessible and will require Secure Sockets Layer (SSL) certificates.

You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based recipients.

You need to recommend a certificate services solution for the planned deployment.


A. Deploy a certification authority (CA) that is subordinate to an external root CA.

B. Purchase 50,100 certificates from a trusted third-party root certification authority (CA).

C. Distribute a copy of the root certification authority (CA) certificate to external relying parties.

D. Instruct each user to request a Secure Email certificate from a trusted third-party root CA, and then purchase 100 Web server certificates.




01/12/2015 // Checked

A Subordinate CA can be used to issue certificates for specific uses such as; secure email, web-based authentication and smart card authentication. Subordinate CAs can be subordinate to either a internal or external Root CA.

B is absolute nonsense, there is no need to purchase 50000 certificates. If you do purchase a certificate ever, you simply purchase ONE and issue it to clients atwill.For this same reason, D is also not applicable.

C could be applicable, except that this is not a Certification Trust scenrio between our business and a Relying party who has their own CA infrastructure. We do notyet have a way to issue certificates safely to the Internet-Based Clients, therefore we need to Deploy a Subordinate CA.


QUESTION 87Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1.

HVServer1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.HVServer1 hosts 10 generation 1 virtual machines.


All of the virtual machines connect to a virtual switch named Switch1.Switch1 is configured as a private network.

All of the virtual machines have the DHCP guard and the router guard settings enabled. You install the DHCP server role on a virtual machine named Server1.

You authorize Server1 as a DHCP server in contoso.com.You create an IP scope.

You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.

You need to ensure that the virtual machines can use Server1 as a DHCP server.

What should you do?

A. Enable MAC address spoofing on Server1.

B. Enable single-root I/O visualization (SR-IOV) on Server1.

C. Disable the DHCP guard on Server1.

D. Disable the DHCP guard on all of the virtual machines that are DHCP clients.


Explanation/Reference:Explanation:DHCP guard settingThis setting stops the virtual machine from making DHCP offers over this network interface. To be clear this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire an IP address that will work) it only blocks the ability forthe virtual machine to act as a DHCP server.

QUESTION 88Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

Server1 has the Hyper-V server role installed.

The domain contains a virtual machine named VM1.

A developer wants to attach a debugger to VM1.


You need to ensure that the developer can connect to VM1 by using a named pipe.

Which virtual machine setting should you configure?

A. BIOS

B. Network Adapter

C. COM 1

D. Processor



Explanation:Named pipes can be used to connect to a virtual machine by configuring COM 1.

References:http://support.microsoft.com/kb/819036http://support.microsoft.com/kb/141709

QUESTION 89Your company, which is named Contoso, Ltd., has offices only in North America. The company has 2,000 users.

The network contains an Active Directory domain named contoso.com. You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and assign certificates to all client computers.

You need to recommend a PKI solution to protect the private key of the root certification authority (CA) from being accessed by external users.


A. An offline standalone root CA and an online enterprise issuing CA

B. An online enterprise root CA and an online enterprise issuing CA

C. An offline standalone root CA and an offline enterprise issuing CA

D. An online enterprise root CA, an online enterprise policy CA, and an online enterprise issuing CA



Explanation


01/12/2015 // Checked

Explanation:

Notes:The Public Key Infrastructure Public Key Infrastructure (PKI) supported by Microsoft a hierarchical Certification Authority model. A certification hierarchy providesscalability, ease of use and consistency with the growing number of commercial and other certification bodies. In its simplest form, a certification hierarchy consistsof a single certification body. In general, however, a hierarchy contains multiple CAs with clearly defined relations between parent and child CAs. In this model, thesubordinate CAs are certified by the documents issued by the respective parent CA certificates, through which the public key of a certification body will be bound tothe identity. The uppermost certification body in a hierarchy is referred to as root certification authority. The CAs below the root CAs are called subordinate CAs. If aroot certification authority in Windows XP and the Windows Server 2003 family as trustworthy considered (because the associated certificate is stored in thecertificate store Trusted Root Certification Authorities), are all subordinate CAs in the hierarchy than trustworthy classified, unless the certificate of a subordinate CAhas been banned by the issuing CA or has expired. Root Certification Authorities provide extremely important trust points in an organization is and should beprotected and managed in accordance with. To protect safety reasons and to the certification body from possible attacks by unauthorized persons on the network,can be used as root of the certification hierarchy a standalone CA are used that the post-certification Issuing CA goes offline. In order to use the possibilities ofcertificate auto-enrollment within the domain environment, the issuing CA type companies should be.


QUESTION 90Your network contains two servers that run Windows Server 2012. The servers are members of a failover cluster.

Each server has 32 GB of RAM and has the Hyper-V server role installed. Each server hosts three highly available virtual machines.

All of the virtual machines have an application named App1 installed. Each of the virtual machines is configured to have 4 GB of memory.

During regular business hours, the virtual machines use less than 2 GB of memory. Each night, App1 truncates its logs and uses almost 4 GB of memory. You plan to add another three virtual machines to each host.

The new virtual machines will run the same load as the existing virtual machines.

You need to ensure that all of the virtual machines can run on one of the Hyper-V hosts if a single host fails. What should you do?


A. From the properties of each Hyper-V host, modify the Allow virtual machines to span NUMA nodes.

B. From the properties of each virtual machine, modify the NUMA Configuration -Maximum amount of memory setting.

C. From the properties of each virtual machine, modify the Smart Paging File Location.

D. From the properties of each virtual machine, modify the Dynamic Memory settings.



01/12/2015 // Checked certbase notes:

We need to ensure that all 12 virtual machines can run in an emergency on a Hyper-V host. The memory that is allocated to the VMs currently (12 x 4 GB = 48 GB),but exceeds the physically existing memory of a single host. The problem can be solved by the configuration of the dynamic memory allocation:


Explanation:



QUESTION 91Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.

All servers run Windows Server 2012 R2.Server1 and Server2 have the Failover Clustering feature installed.

The servers are configured as nodes in a failover cluster named Cluster1.Cluster1 has access to four physical disks. The disks are configured as shown in the following table.

You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Enable BitLocker on Disk4.

B. Disable BitLocker on Disk1.

C. Format Disk2 to use NTFS.

D. Format Disk3 to use NTFS.




You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).

QUESTION 92You have a System Center 2012 R2 Configuration Manager deployment.All users have client computers that run Windows 8.1.

The users log on to their client computer as standard users.

An application named App1 is deployed to the client computers by using System Center.

You need to recommend a solution to validate a registry key used by App1.

If the registry key has an incorrect value, the value must be changed. The registry key must be validated every day.

The solution must generate a report on non-compliant computers.


A. Group Policy preferences

B. A desired configuration baseline

C. The Windows PowerShell Desired State Configuration (DSC) feature

D. The Microsoft Baseline Security Analyzer (MBSA)


Explanation/Reference:The question indicates that we HAVE System Center deployed so there is no need to fiddle around with Group Polcies that won't really work properly.

Not A - Above reason.Not C - We dont need to install the DSC Powershell Tools, we need to create a DSC baseline.Not D - MBSA can analyze and report but NOT carry out actions (cannot change the value of the registry key).

B - A Desired State Configurtion can stipulate the required status of the registry key. DSC also provides a means for non-compliant machines to remidiate theircompliance.


QUESTION 93Your network contains an Active Directory domain named contoso.com. The domain contains a Hyper-V host named Server1.

Server1 has an offline virtual machine named VM1 that is stored on a virtual hard disk named VMl.vhd. You plan to implement multiple virtual machines that have the same configurations as VM1.

You need to recommend a virtual hard disk solution for the planned implementation.


- Minimize the amount of time required to create the new virtual machines. - Minimize the amount of storage space required on Server1.



A. Differencing VHD disks

B. Dynamically expanding VHD disks

C. Dynamically expanding VHDX disks

D. Differencing VHDX disks



A Differencing VHD is a pretty nifty tool to use. Basically what happens is, there is a Parent VHD (VM1.vhd) in this case. All new Differencing Disks are based off ofa reference of the Parent Disk's configuration. So each new Differencing VHD is tiny in size, because it merely references the Parent Disk in order to boot etc, andthen all changes are written to the Differencing VHD (not the Parent). This means multiple Differencing VHDs can utilize one Parent VHD, but they all take very littlestorage because they only save information that is unique to them.

For example, If I install iTunes on a VM that is using a Differencing Disk, that modification will ONLY be present on the Differencing disk.


This conserves space, and because the new Differencing VHDs are so small in size, they are quick to create.This meets both requirements.

http://lyncdup.com/2012/06/creating-hyper-v-3-differencing-disks-in-server-2012-with-gui-and-powershell/

QUESTION 94Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System center 2012 infrastructure.

You deploy a second System Center 2012 infrastructure in a test environment. You create a service template named Template1 in both System Center 2012 infrastructures. For self-service users, you create a service offering for Template1. The users create 20 instances of Template1.

You modify Template1 in the test environment. You export the service template to a file named Templatel.xml.

You need to ensure that the changes to Template1 can be applied to the existing instances in the production environment.

What should you do when you import the template?

A. Create a new service template.

B. Overwrite the current service template.

C. Change the release number of the service template.

D. Change the name of the service template.




QUESTION 95Your network contains 10 servers that run Windows Server 2012. The servers have the Hyper-V server role installed.

The servers host a Virtual Desktop Infrastructure (VDI) that contains persistent virtual machines. Each virtual machine is assigned to a specific user.

Users can install software on their specific virtual machine.

You need to implement a solution to generate monthly reports that contain a list of all the installed software on the virtual machines.

The solution must NOT require the installation of additional software on the virtual machines. Which solution should you implement?

A. A Microsoft System Center 2012 Configuration Manager software inventory

B. A Microsoft System Center 2012 Configuration Manager hardware inventory

C. Microsoft Assessment and Planning (MAP) Toolkit scans

D. Microsoft Audit Collection Services (ACS) audit logs



Explanation:

There is nothing to indicate that we have a a subscription to System Center, so we cannot use A or B anyway.

C is correct, the Microsoft Assessment and Planning (MAP) Toolkit is an agentless inventory, assessment, and reporting tool.

Map can be scheduled to scan the machines and generate the desired report.


QUESTION 96Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run Windows Server 2012.

All client computers run Windows 7.The network contains two data centers.You plan to deploy one file server to each data center.

You need to recommend a solution to provide redundancy for shared folders if a single data center fails.


A. A Distributed File System (DFS) namespace and DFS Replication

B. Cluster Shared Volumes (CSVs)

C. The clustered File Server role of the File Server for general use type

D. The clustered File Server role of the File Server scale-out application data type



QUESTION 97You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V. You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.


Distributed Key Management is not installed.

You have the following servers in the environment:

You have the following requirements:You must back up virtual machines at the host level. You must be able to back up virtual machines that are configured for live migration. You must be able to restore the entire VMM infrastructure.

You need to design and implement the backup plan.

What should you do?

A. Run the following Windows PowerShell command:Checkpoint-VM -Name DPMI -ComputerName SQL1

B. Install the DPM console on VMM1

C. Configure backup for all disk volumes on FILESERVER1.

D. Install the VMM console on DPMI or

Run the following Windows PowerShell command:Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1




DPM can be used along with Hyper-V, and Hyper-V Clusters for a perfect backup solution. DPM can be assigned the task of backing up a VM on one clusternode, then if that VM ends up being moved/failed over/migrated to another cluster node DPM will contact Virtual Machine Manager (VMM) and automatically find outwhere the VM was moved to. Then it will back up the VM as if it hadn’t even been moved at all.

Basically, DPM is an intelligent backup solution for Clustered Virtual Machines that move around to different nodes a lot. It will find the VM that it is supposed tobackup automatically and back it up as per usual.

To do this, the VMM Console needs to be installed on the DPM server.

QUESTION 98Your network contains a main data center and a disaster recovery data center. Each data center contains a Storage Area Network (SAN).

The main data center contains a two-node failover cluster named Cluster1 that hosts a Microsoft SQL Server 2012 database named DB1.

The database files in DB1 are stored on the SAN in the main office. The disaster recovery data center contains a server that runs SQL Server 2012.

You need to recommend a disaster recovery solution for the SQL Server database.

The solution must ensure that the database remains available if the main data center fails.What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Deploy Distributed File System (DFS) Replication.

B. Extend the failover cluster to the disaster recovery data center.

C. Implement a Cluster Shared Volume (CSV) and move the database files to the CSV.

D. Implement SQL Server database replication between the two data centers.



01/12/2015 // Checked

Explanation:


http://technet.microsoft.com/en-us/library/ms151198.aspx

QUESTION 99Your network contains the following:

- 20 Hyper-V hosts- 100 virtual machines- 2,000 client computers

You need to recommend an update infrastructure design to meet the following requirements:

- Deploy updates to of the all virtual machines and the client computers from a single console. - Generate reports that contain a list of the applied updates.


A. One Windows Server update Services (WSUS) server integrated with Microsoft System Center 2012 Configuration Manager and a second WSUS server that isintegrated with Microsoft System Center 2012 Virtual Machine Manager (VMM)

B. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012 Configuration Manager and Microsoft System Center 2012Virtual Machine Manager (VMM)

C. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012 Virtual Machine Manager (VMM)

D. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012 Configuration Manager, a second WSUS server integratedwith Microsoft System Center 2012 Virtual Machine Manager (VMM), and a third standalone WSUS server.




The Windows Server Update Services (WSUS) can be integrated into the System Center 2012 Configuration Manager. The Virtual Machine Manager 2012 supportsusing a WSUS server that is part of a Configuration Manager environment. After the Windows Server Update Services were integrated into Virtual MachineManager, can be viewed status information about the VMM console and configuration changes are made.

QUESTION 100


Your network contains a Microsoft System Center 2012 infrastructure.

You use Virtual Machine Manager (VMM) to manage 20 Hyper-V hosts. You deploy a Windows Server Update Services (WSUS) server.

You need to automate the remediation of non-compliant Hyper-V hosts. The solution must minimize the amount of time that virtual machines are unavailable. What should you do first?

A. Install the WSUS Administration console on the VMM server, and then add the WSUS server to the fabric.

B. Configure the Hyper-V hosts to download Windows updates from the WSUS server by using a Group Policy object (GPO).

C. Configure the Hyper-V hosts to download Windows updates from the VMM server by using a Group Policy object (GPO).

D. Install the Virtual Machine Manager console on the WSUS server, and then add the WSUS server to the fabric.



http://es.calameo.com/read/00194520942e7d03de414

http://technet.microsoft.com/es-es/library/gg675084.aspx

VMM requires the 64-bit version of Windows Server Update Service (WSUS) 3.0 Service Pack 2 (SP2). The WSUS server can be installed on the VMM management server or on a remote server.If you installed the WSUS server on a remote server:Install a WSUS Administration Console on the VMM management server.

QUESTION 101Your network contains the following roles and applications:

- Microsoft SQL Server 2012- Distributed File System (DFS) Replication- Active Directory Domain Services (AD DS)- Active Directory Rights Management Services (AD RMS)- Active Directory Lightweight Directory Services (AD LDS)

You plan to deploy Active Directory Federation Services (AD FS).


You need to identify which deployed services or applications can be used as attribute stores for the planned AD FS deployment.

What should you identify? (Each correct answer presents a complete solution. Choose all that apply.)

A. DFS

B. AD RMS

C. Microsoft SQL Server 2012

D. AD LDS

E. AD DS

Correct Answer: CDESection: [none]Explanation


Explanation:

http://technet.microsoft.com/library/dd807092(v=ws.10).aspx


QUESTION 102Your network contains a server named Hyperl that runs Windows Server 2012. Hyperl is configured as a Hyper-V host and runs System Center 2012 VirtualMachine Manager (VMM). Hyperl hosts a virtual machine named Guestl. Guestl is configured as a file server that runs Windows Server 2012. Guestl connects to a shared storage device byusing the iSCSI Initiator. You need to back up the files and the folders in the shared storage used by Guestl. The solution must ensure that the backup is successful even if Guestl is in a saved state.

What should you do?

A. From Hyper-V Manager, create a snapshot of Guestl.

B. From Hyperl, configure an iSCSI initiator to the shared storage and perform a backup by using Windows Server Backup

C. From Guestl, schedule regular backups by using Windows Server Backup.

D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of Guestl



QUESTION 103You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the environment.

You plan to implement a two-tier CA hierarchy with an offline root CA.

You need to ensure that the issuing CA is not used to create additional subordinate CAs.

What should you do?

A. In the CAPolicy.inf file for the issuing CA, enter the following constraint:PathLength=1

B. In the CAPolicy.inf file for the root CA, enter the following constraint:PathLength=1

C. In the CAPolicy.inf file for the root CA, enter the following constraint:PathLength=2

D. In the CAPolicy.inf file for the issuing CA, enter the following constraint:PathLength=2




01/12/2015 // Checked

https://technet.microsoft.com/en-gb/library/cc737026(v=ws.10).aspx

You can use the CAPolicy.inf file to define the PathLength constraint in the Basic Constraints extension of the root CA certificate. Setting the PathLength basicconstraint allows you to limit the path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist beneath the root. A PathLength of 1means there can be at most one tier of CAs beneath the root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they cannotissue any subordinate CA certificates.

http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf- syntax.aspx

QUESTION 104This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or onemay be true, while the other may be false.To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason(the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches yourevaluation of the two statements.

Assertion:You can manage VMware ESX hosts and virtual machines by using a System Center Virtual Machine Manager (SCVMM) server.

Reason:SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding VMware vCenter to the SCVMM server.










* Assertion: trueVirtual Machine Manager (VMM) enables you to deploy and manage virtual machines and services across multiple hypervisor platforms, including VMware ESX andESXi hosts.* Reason: FalseWhen you add a vCenter Server, VMM no longer imports, merges and synchronizes the VMware tree structure with VMM. Instead, after you add a vCenter Server,you can add selected ESX servers and hosts to any VMM host group. Therefore, there are fewer issues with synchronization.



You are planning to set up a proof-of-concept network virtualization environment.

The environment will contain three servers. The servers will be configured as shown in the following table.

VMM will be used to manage the virtualization environment.Server2 runs three virtual machines. All of the virtual machines are configured to use network virtualization.

You need to enable network connectivity between the virtual machines and Server3.


Select and Place:


Correct Answer:




Windows Server Gatewayhttps://technet.microsoft.com/en-gb/library/dn313101.aspx

Windows Server Gateway integration with Hyper-V Network VirtualizationWindows Server Gateway is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are manydifferent customers - or tenants - who have isolated virtual networks in the same datacenter.

Configuring VM Networks and Gateways in VMMhttps://technet.microsoft.com/en-us/library/jj721575.aspx

And the procedure itself:

How to Add a Windows Server Gateway in VMM in System Center 2012 R2https://technet.microsoft.com/en-us/library/dn249417.aspx

QUESTION 106You plan to delegate the management of virtual machines to five groups by using Microsoft System Center 2012 Virtual Machine Manager (VMM).

The network contains 20 Hyper-V hosts in a host group named HostGroup1.

You identify the requirements for each group as shown in the following table.

You need to identify which user role must be assigned to each group.

Which user roles should you identify? To answer, drag the appropriate user role to the correct group in the answer area. Each user role may be used once, more


than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

Select and Place:

Correct Answer:




Explanation:


http://mountainss.wordpress.com/2011/11/19/user-roles-in-system-center-virtual-machine-manager-2012/


QUESTION 107Your network contains multiple servers that run Windows Server 2012.

You plan to implement three virtual disks.

The virtual disks will be configured as shown in the following table.

You need to identify the minimum number of physical disks required for each virtual disk.

How many disks should you identify? To answer, drag the appropriate number of disks to the correct virtual disk in the answer area. Each number of disks may beused once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

Select and Place:


Correct Answer:




Explanation:http://technet.microsoft.com/es-es/library/jj822938.aspx

They are not talking about Clusters, a single server only, so a standalone server.


QUESTION 108

Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and Server2 have the Hyper-V server role installed and are members of a failover cluster.

The network contains a Storage Area Network (SAN) that has a LUN named LUN1. LUN1 is connected to a 12-TB disk on the SAN.

You plan to host three new virtual machines on the failover cluster. Each virtual machine will store up to 4 TB of data on a single disk.The virtual machines will be backed up from the hosts by using the Volume Shadow Copy Service (VSS).

You need to ensure that Server1 and Server2 can store the new virtual machines on the SAN.

Which three actions should you perform?To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order


Select and Place:

Correct Answer:




QUESTION 109You have a failover cluster named Cluster1 that contains four Hyper-V hosts.

Cluster1 hosts 20 virtual machines.

You deploy a new failover cluster named Cluster2.

You plan to replicate the virtual machines from Cluster1 to Cluster2.

You need to recommend which actions must be performed on Cluster2 for the planned deployment.

Which three actions should you recommend? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the


correct order.

Select and Place:

Correct Answer:



Explanation/Reference:Explanation:- Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a built-in replication mechanism at a virtual machine (VM) level. Hyper-V Replica can asynchronously replicate a selected VM running at a primary site to a designated replica site across LAN/WAN.Step 1: Prepare to Deploy Hyper-V Replica1.1. Make basic planning decisions1.2. Install the Hyper-V server role1.3. Configure the firewall1.4. Configure Hyper-V Replica BrokerStep2: Step 2: Enable Replication2.1 Configure the Replica server2.2. Configure a Replica server that is part of a failover cluster (optional) 2.3 Enable replication for virtual machinesEach virtual machine that is to be replicated must be enabled for replication.2.4 Configure primary server to receive replication

QUESTION 110Your network contains servers that run Windows Server 2012.

The network contains two servers named Server1 and Server2 that are connected to a SAS storage device.

The device only supports two connected computers.

Server1 has the iSCSI Target Server role service installed.

Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1.

Currently, Server2 is used only to run backup software.

You install the iSCSI Target Server role service on Server2.

You need to ensure that the iSCSItargets are available if Server1 fails.

Which five actions should you perform? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correctorder.

Select and Place:


Correct Answer:





Explanation:http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx


You use the entire System Center suite.

You integrate Service Manager with Operations Manager. Virtual Machine Manager, Orchestrator, and Active Directory.

You perform all remediation by using Orchestrator runbooks. An application experiences performance problems on a periodic basis.


A new incident must be opened when System Center Operations Manager (SCOM) detects a performance problem. The incident must be closed when the performance problem is resolved. The incident must be associated with the HR performance problem in Service Manager.

You need to configure the environment.

Select and Place:

Correct Answer:





The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012.

Server1 and Server2 are configured as file servers and are part of a failover cluster named Cluster1.

Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster named Cluster2.

You add a disk named Disk1 to the nodes in Cluster1.

Disk1 will be used to store the data files and log files used by SQL Server 2012.

You need to configure the environment so that access to Disk1 remains available when a node on Cluster1 fails over or fails back.

Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correctorder.

Select and Place:


Correct Answer:




http://blogs.technet.com/b/josebda/archive/2012/08/23/windows-server-2012-scale-out-file-server-for-sqlserver-2012-step-by-step-installation.aspx


The domain contains multiple servers that are configured as Hyper-V hosts.

You plan to implement four virtual machines.

The virtual machines will be configured as shown in the following table.


You need to identify which network must be added to each virtual machine.

Which network types should you identify? To answer, drag the appropriate Network Type to the correct virtual machine in the answer area. Each Network Type maybe used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

Select and Place:

Correct Answer:





Explanation:

http://blogs.technet.com/b/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks.aspx

An external network, which provides communication between a virtual machine and a physical network by creating an association to a physical network adapter onthe virtualization server. An internal network, which provides communication between the virtualization server and virtual machines.A private network, which provides communication between virtual machines only.

http://technet.microsoft.com/en-us/library/cc732470%28v=WS.10%29.aspx




The network has an Active Directory Certificate Services (AD CS) infrastructure.

You publish the certificate revocation list (CRL) to a farm of Web servers.

You are creating a disaster recovery plan for the AD CS infrastructure.

You need to recommend which actions must be performed to restore certificate revocation checking if a certification authority (CA) is offline for anextended period of time.

Which three actions should you recommend? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in thecorrect order.

Select and Place:

Correct Answer:






The domain contains two domain controllers named DC1 and DC2.

The domain contains a server named Server1.


Server1 is a certification authority (CA).

All servers run Windows Server 2012 R2.

You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers.

The unique identifier for your organization is set to Contoso.

You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data recovery agent.

You must be able to perform the recovery from any administrative computer.


Select and Place:

Correct Answer:





You need to configure the environment to support App1.


Select and Place:


Correct Answer:




QUESTION 117Your network contains two servers named Server1 and Server2 that run Windows Server 2012.

Server1 has the iSCSI Target Server role service installed and is configured to have five iSCSI virtual disks.

You install the Multipath I/O (MPIO) feature on Server2.

From the MPIO snap-in, you add support for iSCSI devices.

You need to ensure that Server2 can connect to the five iSCSI disks.


The solution must ensure that Server2 uses MPIO to access the disks.

Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correctorder.

Exhibit:

Select and Place:


Correct Answer:




Explanation:

- (Step 1):

On the Specify Access Servers page, click Add to specify the iSCSI initiator that will access your iSCSI virtual disk. Doing this opens the Add Initiator ID dialog box

- (Step 2):

CONFIGURE ISCSI INITIATOR ON CLUSTER-NODES Start the iScsi Initiator control panel by running iscsicpl on the command line. You will see a warning aboutthe iScsi Initiator Service. Click Yes to start the service. The properties screen will appear. Type the Target Server (in this scenario the DC) IP address in the Targetbox and click Quick Connect.

The two targets are shown in the dialog box. Click Done. In the iScsi Initiator Properties screen you see the two targets with status Inactive. Highlight the first oneand click the Properties button.In the Properties screen click the Add Session button. In the Connect to Target popup window you will get select Enable multi-path and click Advanced.

- (Step 3):

Reference: Creating a Windows Server 2012 Multipath I/O iScsi Fail-over Cluster

QUESTION 118You have a failover cluster named Cluster1 that contains two Hyper-V hosts named Hyped. and Hyper2. Clusterl hosts 15 virtual machines.

You deploy a new server named Hyper3.You plan to replicate the virtual machines from Clusterl to Hyper3.

You need to recommend which actions must be performed on Hyper3 for the planned deployment.

Select and Place:


Correct Answer:

Section: [none]


Explanation

Explanation/Reference:Note:

* Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as abuilt-in replication mechanism at a virtual machine (VM) level. Hyper-V Replica canasynchronously replicate a selected VM running at a primary site to a designated replica siteacross LAN/WAN.

*Step 1:

Prepare to Deploy Hyper-V Replica

1.1. Make basic planning decisions1.2. Install the Hyper-V server role1.3. Configure the firewall1.4. Configure Hyper-V Replica Broker

Step2:

Step 2: Enable Replication

2.1 Configure the Replica server2.2. Configure a Replica server that is part of a failover cluster (optional)2.3 Enable replication for virtual machines

Each virtual machine that is to be replicated must be enabled for replication.2.4 Configure primary server to receive replication

Reference: Deploy Hyper-V Replica

QUESTION 119Your network contains an Active Directory forest named contoso.com.


The forest contains two servers.



You prepare the forest to support Workplace Join and you enable the Device Registration Service (DRS) on Server1.

You need to ensure that Workplace Join meets the following requirements:

- Application access must be based on device claims.- Users who attempt to join their device to the workplace through Server2 must be prevented from locking out theirActive Directory account due to invalid credentials.

Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for each requirement in the answer area.

Hot Area:

Correct Answer:






System Center 2012 R2 Virtual Machine Manager (VMM) is deployed to the domain.

In VMM, you create a host group named HostGroup1.

You add a 16-node Hyper-V failover cluster to HostGroup1.

From Windows PowerShell, you run the following commands:


Use the drop-down menus to select the answer choice that completes each statement.

Hot Area:


Correct Answer:



QUESTION 121Your network contains five physical servers.




During the setup of VMM, you configure distributed key management.

You need to ensure that the entire VMM infrastructure can be restored.

What should you include in the backup plan? To answer, select the appropriate server to back up for each backup content type in the answer.

Hot Area:


Correct Answer:




The domain contains a Network Load Balancing (NLB) cluster named Cluster1 that contains four nodes.

Cluster1 hosts a web application named App1.

The session state information of App1 is stored in a Microsoft SQL Server 2012 database.

The network contains four subnets.

You discover that all of the users from a subnet named Subnet1 always connect to the same NLB node.

You need to ensure that all of the users from each of the subnets connect equally across all of the nodes in Cluster1.


What should you modify from the port settings? To answer, select the appropriate setting in the answer area.

Hot Area:

Correct Answer:




QUESTION 123

You plan to implement a virtualization solution to host 10 virtual machines.All of the virtual machines will be hosted on servers that run Windows Server 2012.You need to identify which servers must be deployed for the planned virtualization solution. The solution must meet the followingrequirements:

• Minimize the number of servers.• Ensure that live migration can be used between the hosts.

Which servers should you identify?


To answer, select the appropriate servers in the answer area.

Hot Area:

Correct Answer:





Your network contains an Active Directory domain named contoso.com.

You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2.

Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.

You plan to create two virtual machines that will run an application named App1.App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.


The network contains the following shared folders:

- An SMB file share named Share1 that is hosted on a Scale-Out File Server.- An SMB file share named Share2 that is hosted on a standalone file server.- An NFS share named Share3 that is hosted on a standalone file server.

You need to ensure that both virtual machines can use App1data.vhdx simultaneously.

What should you do? To answer, select the appropriate configurations in the answer area.

Hot Area:

Correct Answer:




QUESTION 125You plan to deploy a certification authority (CA) infrastructure that contains the following servers:

- An offline standalone root CA named CA1- An enterprise subordinate CA named CA2

On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification Authorities Certificates store.

You need to ensure that CA2 can issue certificates for the CA hierarchy.

What should you do? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:




QUESTION 126Your company has four offices.

The offices are located in Montreal, Seattle, New York, and Miami.

Users access all of the web-based resources by using web proxy servers.

The IP addresses of the web proxies at each office are configured as shown in the following table.


The connections to the web proxies are balanced by using round-robin DNS.

The company plans to deploy a new application.

The new application has a farm of front-end web servers that connect to a back-end application server.

When a session to a web server is established, the web server stores data until the session closes.

Once the session closes, the data is sent to the application server.

You need to ensure that the incoming sessions to the web server farm are distributed among the web servers.

The solution must ensure that if a web server fails, the users are NOT directed to the failed server.

How should you configure the port rule? To answer, select the appropriate options in the answer area.

Hot Area:


Correct Answer:



QUESTION 127You have a System Center 2012 R2 Virtual Machine Manager (VMM) deployment.

You implement Hyper-V Recovery Manager for the deployment.

You create two new clouds named Cloud1 and Cloud2.

Metadata for both clouds is uploaded to Windows Azure.

You need to ensure that the virtual machines in Cloud1 are protected by using replicas in Cloud2.


Where should you perform each action? To answer, select the appropriate tool for each action in the answer area.

Hot Area:

Correct Answer:




QUESTION 128You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.

You need to ensure high availability for business-critical virtual machines (VMs) that host business-critical SQL server databases.

Solution: You create a custom placement rule and apply it to all business-critical VMs.


A. Yes

B. No



ATT: This question is one of a series of similar questions where only the “Solution” changes. the answer to this one appears to always be “No” unless theSolution involves the following:

Adding the VMs to an "Availability Set. Modifying the Preferred and Possible Owners. Configuring Custom Placement Rules."

The Following Settings all enable an aspect of Failover for Virtual Machines Running in a Cluster in VMM:

Availability Sets will make them highly avialable because VMM will keep each VM that is in the availability set on its own SEPERATE physical Host machine. Thisis highly available because if one Host machine crashes, you will only lose one of the SQL servers at most.

Preferred and Possible Owner nodes set preferences for which cluster nodes each VM is allowed on (Possible Owners), and which nodes you would prefer eachVM to be on (Preferred Owners). During Dynamic Optimization, patching or cluster failover, your preferences will be taken into account and your specified targetnodes will be preferred. (This can be used in the same way as an Availability Set to keep the SQL servers off the same physical Host.


Custom Placement Rules allow use to set which machine a VM must failover to, among other things. You can also adjust cost settings etc.


You need to ensure high availability for business-critical virtual machines (VMs) that host business-critical SQL Server databases.

Solution: You set the memory-weight threshold value to High for each business-critical VM.


A. Yes

B. No





Solution: You configure preferred and possible owners for each business-critical VM.


A. Yes

B. No






Solution: You create an availability set and place each business-critial VM in the set.


A. Yes

B. No


Explanation/Reference:Pending

YES

Explanation: When you place multiple virtual machines in an availability set, VMM will attempt to keep those virtual machines onseparate hosts and avoid placing them together on the same host whenever possible. This helps to improve continuity of service.

Reference: Configuring Availability Options for Virtual Machines Overview



You deploy a service named Service1 by using a service template. Service1 contains two virtual machines.

The virtual machines are configured as shown in the following table.



Solution: From Virtual Machine Manager (VMM), you modify the properties of the service template.



A. Yes

B. No








Solution: From Configuration Manager, you create a Collection and a Desired Configuration Management baseline.


A. Yes

B. No








Solution: From Operations Manager, you create a Distributed Application and a Service Level Tracking object.


A. Yes

B. No








Solution: From Configuration Manager, you create a Collection and a Desired Configuration Management baseline.


A. Yes

B. No








Solution: From Operations Manager, you create a Distributed Application and a Monitor Override.


A. Yes

B. No


Explanation/Reference:Need to Check.

Could be Yes

QUESTION 137Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure. You need to issue a certificate to users to meet the following requirements:

- Ensure that the users can encrypt files by using Encrypting File System (EFS).- Ensure that all of the users reenroll for their certificate every six months.

Solution: You create a copy of the Basic EFS certificate template, and then you modify the validity period of the copy.



A. Yes

B. No






Solution: From the properties of the User certificate template, you assign the Allow -Enroll permission to the Authenticated Users group.


A. Yes

B. No







Solution: You create a copy of the User certificate template, and then you modify the extensions of the copy.


A. Yes

B. No






Solution: From the properties of the Basic EFS template, you assign the Allow - Enroll permission to the Authenticated Users group.


A. Yes

B. No




QUESTION 141You plan to allow users to run internal applications from outside the company's network. You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed.

You must secure on-premises resources by using multi-factor authentication (MFA).

You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.

Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active Directory instance on the network. Then, you use theWorkplace Join process to configure access for personal devices to the on-premises resources.


A. Yes

B. No






Solution: You install a local instance of MFA Server and connect it your Microsoft Azure MFA provider. Then, you use the Workplace Join process toconfigure access for personal devices to the on-premises resources.


A. Yes

B. No



Explanation


Reference: Setting up on-premises conditional access using Azure Active Directory Device Registration

https://azure.microsoft.com/en-gb/documentation/articles/active-directory-conditionalaccess-on-premises-setup/




Solution: You install a local instance of the MFA Server. You connect the instance to the Microsoft Azure MFA provider and then you use MicrosoftIntune to manage personal devices.


A. Yes

B. No






Solution: You install a local instance of MFA Server. You connect the instance to the Microsoft Azure MFA provider, and then run the following WindowsPowerShell cmdlet. Enable-AdfsDeviceRegistration



A. Yes

B. No



QUESTION 145Your network contains five servers that run Windows Server 2012 R2. You install the Hyper-V server role on the servers. You create an external virtual network switch on each server.You plan to deploy five virtual machines to each Hyper-V server.

Each virtual machine will have a virtual network adapter that is connected to the external virtual network switch and that has a VLAN identifier of 1.

Each virtual machine will run Windows Server 2012 R2. All of the virtual machines will run the identical web application.

You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual machine to an NLB cluster.

The cluster will be configured to use unicast only.

You need to ensure that the NLB feature can distribute connections across all of the virtual machines.

Solution: From the properties of each virtual machine, you enable MAC address spoofing for the existing virtual network adapter.


A. Yes

B. No



Explanation/Reference:Need to Check. Could be B

QUESTION 146Your network contains five servers that run Windows Server 2012 R2.You install the Hyper-V server role on the servers.

You create an external virtual network switch on each server.You plan to deploy five virtual machines to each Hyper-V server.






Solution: On each Hyper-V server, you create a new private virtual network switch. From the properties of each virtual machine, you add a second virtual network adapter and connect the new virtual network adapters to the new privatevirtual network switches.


A. Yes

B. No



QUESTION 147Your network contains five servers that run Windows Server 2012 R2. You install the Hyper-V server role on the servers.

You create an external virtual network switch on each server.


You plan to deploy five virtual machines to each Hyper-V server.






Solution: From the properties of each virtual machine, you add a second virtual network adapter. You connect the new virtual network adapters to theexternal virtual network switch and configure the new virtual network adapters to use a VLAN identifier of 2.


A. Yes

B. No



QUESTION 148An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to protect content for a project. You uninstall AD RMS whenthe project is complete.

You need to ensure that the protected content is still available after AD RMS is uninstalled.

Solution: You run the following command from an administrative command prompt:

cipher /a/d/s:<protected share name>


A. Yes


B. No



Explanation: If you plan to remove Active Directory Rights Management Services from your organization, you should firstdecommission the AD RMS cluster. This allows your AD RMS users to remove AD RMS protection from existing content.If you uninstall AD RMS without first decommissioning it, your protected content will no longer be accessible.

Reference: Decommissioning AD RMS

http://blogs.technet.com/b/rms/archive/2012/04/29/decommissioning-ad-rms.aspx

QUESTION 149An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to protect content for a project. You uninstall AD RMS whenthe project is complete. You need to ensure that the protected content is still available after AD RMS is uninstalled.

Solution: You add the backup service account to the SuperUsers group and back up the protected content. Then, you restore the content to a file serverand apply the required NTFS permissions to the files.


A. Yes

B. No



QUESTION 150An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to protect content for a project. You uninstall AD RMS whenthe project is complete.



Solution: You run the following Windows PowerShell command:

Set-ItemProperty -Path <protected content>:\ -Name IsDecommissioned -Value $true EnableDecommission



A. Yes

B. No


Explanation/Reference:ATT: This question is one of a series of similar questions where ONLY the Soltion Changes. To answer this question you simply need to know the stepsrequired to ensure right's protected content is still available after you uninstall AD RMS (detailed information regarding this is below under the "Explanation" header.

To summarize: For the answer to this question to be "YES" you need to ENABLE DECOMMISSIONING on the Cluster Node/s. You may also want to grant the ADRMS Users Read & Execute Permissions, which will allow them to decrypt their content and store it as regular content on another database.

Explanation:

When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now provide a key that decrypts the rights-protected content thatit had previously published. This key allows the content to be saved without AD RMS protection.

To decommissioning an AD RMS cluster:

1. Log on to the server on which you want to decommission AD RMS.2. Modify the access control list (ACL) on the decommissioning.asmx file by granting the Everyone group Read & Execute permissions. The default location

for this file is %systemdrive%\inetpub\wwwroot\_wmcs\decommission.3. Open the Active Directory Rights Management Services console and add the AD RMS cluster. Expand the AD RMS cluster, expand Security Policies , and

then select Decommissioning .


4. Select the Enable Decommissioning option in the Actions pane. Can also be done with the PowerShell Command: Set-ItemProperty -Path <drive>:\ -Name IsDecommissioned -Value $true -EnableDecommission

5. Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMSprotection. Alternatively, you could delegate a trusted person to decrypt all rights-protected content by temporarily adding that person to the AD RMS super usersgroup.

6. After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.

QUESTION 151An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to protect content for a project. You uninstall AD RMS whenthe project is complete.


Solution: You enable the decommissioning service by using the AD RMS management console. You grant all users the Read & Execute permission tothe decommission pipeline.


A. Yes

B. No



The proper procedure is:Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS protection.Alternatively, you could delegate a trusted person to decrypt all rights- protected content by temporarily adding that person to the AD RMS super users group.After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.


Documents

70-414 microsoft